CISM Certified Information Security Manager – Question0040

Who should be responsible for enforcing access rights to application data?

A.
Data owners
B. Business process owners
C. The security steering committee
D. Security administrators

Correct Answer: D

Explanation:

Explanation:
As custodians, security administrators are responsible for enforcing access rights to data. Data owners are responsible for approving these access rights. Business process owners are sometimes the data owners as well, and would not be responsible for enforcement. The security steering committee would not be responsible for enforcement.