nerdexam
Isaca

CDPSE · Question #98

To ensure the protection of personal data, privacy policies should mandate that access to information system applications be authorized by the.

The correct answer is C. business application owner. The business application owner is the appropriate authority to authorize access to an application because they understand the business purpose of the data, who legitimately needs it, and the sensitivity of the information involved. They are accountable for the data within their a

Privacy Governance

Question

To ensure the protection of personal data, privacy policies should mandate that access to information system applications be authorized by the.

Options

  • Ageneral counsel.
  • Bdatabase administrator.
  • Cbusiness application owner
  • Dchief information officer (CIO)

How the community answered

(24 responses)
  • A
    4% (1)
  • C
    92% (22)
  • D
    4% (1)

Explanation

The business application owner is the appropriate authority to authorize access to an application because they understand the business purpose of the data, who legitimately needs it, and the sensitivity of the information involved. They are accountable for the data within their application and are best positioned to determine appropriate access levels. The general counsel handles legal matters, the DBA manages technical database access (not business authorization), and the CIO sets strategy but delegates operational access decisions to owners.

Topics

#Access Management#Roles and Responsibilities#Privacy Policies#Data Governance

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice