Secure Software Lifecycle Professional – CSSLP – Question078

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

A. The custodian makes the initial information classification assignments, and the operations manager implements the scheme.
B. The data owner implements the information classification scheme after the initial assignment by the custodian.
C. The custodian implements the information classification scheme after the initial assignment by the operations manager.
D. The data custodian implements the information classification scheme after the initial assignment by the data owner.

Correct Answer: D

Explanation:

The data owner is responsible for ensuring that the appropriate security controls are in place, for assigning the initial classification to the data to be protected, for approving access requests from other parts of the organization, and for periodically reviewing the data classifications and access rights. Data owners are primarily responsible for determining the data’s sensitivity or classification levels, whereas the data custodian has the responsibility for backup, retention, and recovery of data. The data owner delegates these responsibilities to the custodian. Answers A, B, and C are incorrect.