CISM Certified Information Security Manager – Question0297

Which of the following roles is PRIMARILY responsible for determining the information classification levels for a given information asset?

A.
Manager
B. Custodian
C. User
D. Owner

Correct Answer: D

Explanation:

Explanation:
Although the information owner may be in a management position and is also considered a user, the information owner role has the responsibility for determining information classification levels. Management is responsible for higher-level issues such as providing and approving budget, supporting activities, etc. The information custodian is responsible for day-to-day security tasks such as protecting information, backing up information, etc. Users are the lowest level. They use the data, but do not classify the data. The owner classifies the data.