CGEIT Question #651: Real Exam Question with Answer & Explanation

The correct answer is A: Data owner. The data owner is ultimately accountable for the confidentiality, integrity, and availability of specific information assets within an enterprise.

Submitted by jakub_pl· Apr 18, 2026Governance of Enterprise IT

Question

Which of the following roles is accountable for the confidentiality, integrity, and availability of information within an enterprise?

Options

AData owner
BLead legal counsel
CRisk manager
DData custodian

Explanation

The data owner is ultimately accountable for the confidentiality, integrity, and availability of specific information assets within an enterprise.

Common mistakes.

B. The lead legal counsel is responsible for legal compliance and advising on legal risks, but not directly for the operational CIA of information assets.
C. A risk manager identifies and assesses risks, but typically does not hold the ultimate accountability for the CIA of information assets themselves.
D. A data custodian (or data steward) is responsible for the implementation and operational management of controls to protect data, acting on behalf of the data owner, but is not ultimately accountable for the data itself.

Concept tested. Data ownership and accountability

Reference. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/govern/security/data-classification-governance

Topics

#Information security roles#Data owner#Accountability#CIA triad

Community Discussion

No community discussion yet for this question.

Full CGEIT Practice Browse All CGEIT Questions