nerdexam
(ISC)2

CISSP · Question #276

Which of the following would BEST describe the role directly responsible for data within an organization?

The correct answer is B. Information owner. This question tests knowledge of data governance roles and who holds ultimate accountability for data assets within an organization.

Submitted by thandi_sa· Mar 5, 2026Asset Security

Question

Which of the following would BEST describe the role directly responsible for data within an organization?

Options

  • AData custodian
  • BInformation owner
  • CDatabase administrator
  • DQuality control

How the community answered

(40 responses)
  • A
    3% (1)
  • B
    90% (36)
  • C
    3% (1)
  • D
    5% (2)

Why each option

This question tests knowledge of data governance roles and who holds ultimate accountability for data assets within an organization.

AData custodian

The Data Custodian is responsible for the technical management and safeguarding of data (e.g., backups, storage, access controls) on behalf of the information owner, but does not hold direct ownership or business accountability for the data.

BInformation ownerCorrect

The Information Owner (also called Data Owner) is the role directly responsible for data within an organization, holding ultimate accountability for the classification, protection, and use of specific data assets. This role defines who can access the data, sets policies around its use, and ensures it is appropriately secured and compliant with regulations. Unlike custodians or administrators who manage data operationally, the information owner has business-level authority and responsibility over the data itself.

CDatabase administrator

A Database Administrator manages the technical infrastructure of databases, including performance tuning and maintenance, but is an operational role without formal accountability or authority over the data's classification or governance policies.

DQuality control

Quality Control is a process-focused function concerned with ensuring products or data meet defined standards, but it is not a recognized data governance role with direct responsibility or ownership over organizational data.

Concept tested: Data governance roles and information ownership accountability

Source: https://csrc.nist.gov/glossary/term/information_owner

Topics

#Data roles#Information owner#Data governance#Data responsibility

Community Discussion

No community discussion yet for this question.

Full CISSP Practice