Secure Software Lifecycle Professional – CSSLP – Question313
Which of the following is NOT a responsibility of a data owner? A. Approving access requests B. Ensuring that the necessary security controls are in place C. Delegating responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian D. Maintaining and protecting data
Correct Answer: D
Explanation:
Explanation: It is not a responsibility of a data owner. The data custodian (information custodian) is responsible for maintaining and protecting the data. Answer: B, A, and C are incorrect. All of these are responsibilities of a data owner. The roles and responsibilities of a data owner are as follows: The data owner (information owner) is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of a specific subset of information. The data owner decides upon the classification of the data that he is responsible for and alters that classification if the business needs arise. This person is also responsible for ensuring that the necessary security controls are in place, ensuring that proper access rights are being used, defining security requirements per classification and backup requirements, approving any disclosure activities, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. And it is the data owner who will deal with security violations pertaining to the data he is responsible for protecting. The data owner, who obviously has enough on his plate, delegates responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian.
Please disable your adblocker or whitelist this site!