nerdexam
(ISC)2

CAP · Question #99

Which of the following is NOT a responsibility of a data owner?

The correct answer is A. Maintaining and protecting data. In information security, the data owner (typically a senior manager or business executive) is responsible for the business decisions around data - classifying it, ensuring security controls are in place, approving who gets access, and delegating day-to-day protection tasks to dat

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following is NOT a responsibility of a data owner?

Options

  • AMaintaining and protecting data
  • BEnsuring that the necessary security controls are in place
  • CDelegating responsibility of the day-to-day maintenance of the data protection mechanisms to
  • DApproving access requests

How the community answered

(34 responses)
  • A
    88% (30)
  • B
    3% (1)
  • C
    3% (1)
  • D
    6% (2)

Explanation

In information security, the data owner (typically a senior manager or business executive) is responsible for the business decisions around data - classifying it, ensuring security controls are in place, approving who gets access, and delegating day-to-day protection tasks to data custodians. The day-to-day maintenance and hands-on protection of data (backups, patching, monitoring) is the responsibility of the data custodian, not the data owner. Option A ('Maintaining and protecting data') describes custodian-level operational work. Options B, C, and D - ensuring controls are in place, delegating maintenance to custodians, and approving access requests - are all legitimate data owner responsibilities that involve governance, oversight, and decision-making rather than operational execution.

Topics

#Data owner#Roles and responsibilities#Information governance#Data protection

Community Discussion

No community discussion yet for this question.

Full CAP Practice