CAP · Question #99
Which of the following is NOT a responsibility of a data owner?
The correct answer is A. Maintaining and protecting data. In information security, the data owner (typically a senior manager or business executive) is responsible for the business decisions around data - classifying it, ensuring security controls are in place, approving who gets access, and delegating day-to-day protection tasks to dat
Question
Which of the following is NOT a responsibility of a data owner?
Options
- AMaintaining and protecting data
- BEnsuring that the necessary security controls are in place
- CDelegating responsibility of the day-to-day maintenance of the data protection mechanisms to
- DApproving access requests
How the community answered
(34 responses)- A88% (30)
- B3% (1)
- C3% (1)
- D6% (2)
Explanation
In information security, the data owner (typically a senior manager or business executive) is responsible for the business decisions around data - classifying it, ensuring security controls are in place, approving who gets access, and delegating day-to-day protection tasks to data custodians. The day-to-day maintenance and hands-on protection of data (backups, patching, monitoring) is the responsibility of the data custodian, not the data owner. Option A ('Maintaining and protecting data') describes custodian-level operational work. Options B, C, and D - ensuring controls are in place, delegating maintenance to custodians, and approving access requests - are all legitimate data owner responsibilities that involve governance, oversight, and decision-making rather than operational execution.
Topics
Community Discussion
No community discussion yet for this question.