CISM Certified Information Security Manager – Question0123

The data access requirements for an application should be determined by the:

A.
legal department.
B. compliance officer.
C. information security manager.
D. business owner.

Correct Answer: D

Explanation:

Explanation: Business owners are ultimately responsible for their applications. The legal department, compliance officer and information security manager all can advise, but do not have final responsibility.