Systems Security Certified Practitioner – SSCP – Question0329 - Systems Security Certified Practitioner

Which of the following is not a responsibility of an information (data) owner?

A. Determine what level of classification the information requires.
B. Periodically review the classification assignments against business needs.
C. Delegate the responsibility of data protection to data custodians.
D. Running regular backups and periodically testing the validity of the backup data.

Correct Answer: D

Explanation:

This responsibility would be delegated to a data custodian rather than being performed directly by the information owner.
“Determine what level of classification the information requires” is incorrect. This is one of the major responsibilities of an information owner.
“Periodically review the classification assignments against business needs” is incorrect. This is one of the major responsibilities of an information owner.
“Delegates responsibility of maintenance of the data protection mechanisms to the data custodian” is incorrect. This is a responsibility of the information owner.
References: CBK p. 105. AIO3, p. 53-54, 960