CISM Certified Information Security Manager – Question0289

The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:

A.
sales department.
B. database administrator.
C. chief information officer (CIO).
D. head of the sales department.

Correct Answer: D

Explanation:

Explanation:
The owner of the information asset should be the person with the decision-making power in the department deriving the most benefit from the asset. In this case, it would be the head of the sales department. The organizational unit cannot be the owner of the asset because that removes personal responsibility. The database administrator is a custodian. The chief information officer (CIO) would not be an owner of this database because the CIO is less likely to be knowledgeable about the specific needs of sales operations and security concerns.