Systems Security Certified Practitioner – SSCP – Question0414
Whose role is it to assign classification level to information? A. Security Administrator B. User C. Owner D. Auditor
Correct Answer: C
Explanation:
The Data/Information Owner is ultimately responsible for the protection of the data. It is the Data/Information Owner that decides upon the classifications of that data they are responsible for.
The data owner decides upon the classification of the data he is responsible for and alters that classification if the business need arises.
The following answers are incorrect:
Security Administrator. Is incorrect because this individual is responsible for ensuring that the access right granted are correct and support the polices and directives that the Data/Information Owner defines.
User. Is Incorrect because the user uses/access the data according to how the Data/Information Owner defined their access.
Auditor. Is incorrect because the Auditor is responsible for ensuring that the access levels are appropriate. The Auditor would verify that the Owner classified the data properly.
References: CISSP All In One Third Edition, Shon Harris, Page 121
Please disable your adblocker or whitelist this site!