CISM Certified Information Security Manager – Question0930

The MOST appropriate individual to determine the level of information security needed for a specific business application is the:

A.
system developer.
B. information security manager.
C. steering committee.
D. system data owner.

Correct Answer: D

Explanation:

Explanation:
Data owners are the most knowledgeable of the security needs of the business application for which they are responsible. The system developer, security manager and system custodian will have specific knowledge on limited areas but will not have full knowledge of the business issues that affect the level of security required. The steering committee does not perform at that level of detail on the operation.