CISM Certified Information Security Manager – Question 1101

In business-critical applications, user access should be approved by the:

A. information security manager.
B. data owner.
C. data custodian.
D. business management.

Correct Answer: B

Explanation:
A data owner is in the best position to validate users' access rights because of their deep understanding of the business requirements and of the functional implementation within the application. This responsibility should be enforced by policy. An information security manager will coordinate and execute the implementation of the role-based access control. A data custodian will ensure that proper safeguards are in place to protect the data from unauthorized access; it is not the data custodian’s responsibility to assign access rights. Business management is not, in all cases, the owner of the data.