CISSP · Question #338
Who is accountable for the information within an Information System (IS)?
The correct answer is C. Data owner. The data owner is the person who has the authority and responsibility for the information within an Information System (IS). The data owner is accountable for the security, quality, and integrity of the data, as well as for defining the classification, sensitivity, retention, and
Question
Who is accountable for the information within an Information System (IS)?
Options
- ASecurity manager
- BSystem owner
- CData owner
- DData processor
How the community answered
(24 responses)- B4% (1)
- C88% (21)
- D8% (2)
Explanation
The data owner is the person who has the authority and responsibility for the information within an Information System (IS). The data owner is accountable for the security, quality, and integrity of the data, as well as for defining the classification, sensitivity, retention, and disposal of the data. The data owner must also approve or deny the access requests and periodically review the access rights. The security manager, the system owner, and the data processor are not accountable for the information within an IS, but they may have roles and responsibilities related to the security and operation of the IS.
Topics
Community Discussion
No community discussion yet for this question.