CISM Certified Information Security Manager – Question1169

An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?

A.
The data owner
B. Internal IT audit
C. The data custodian
D. The information security manager

Correct Answer: D