nerdexam
(ISC)2

CISSP · Question #338

Who is accountable for the information within an Information System (IS)?

The correct answer is C. Data owner. The data owner is the person who has the authority and responsibility for the information within an Information System (IS). The data owner is accountable for the security, quality, and integrity of the data, as well as for defining the classification, sensitivity, retention, and

Submitted by fernanda_arg· Mar 5, 2026Asset Security

Question

Who is accountable for the information within an Information System (IS)?

Options

  • ASecurity manager
  • BSystem owner
  • CData owner
  • DData processor

How the community answered

(24 responses)
  • B
    4% (1)
  • C
    88% (21)
  • D
    8% (2)

Explanation

The data owner is the person who has the authority and responsibility for the information within an Information System (IS). The data owner is accountable for the security, quality, and integrity of the data, as well as for defining the classification, sensitivity, retention, and disposal of the data. The data owner must also approve or deny the access requests and periodically review the access rights. The security manager, the system owner, and the data processor are not accountable for the information within an IS, but they may have roles and responsibilities related to the security and operation of the IS.

Topics

#data owner#accountability#security roles

Community Discussion

No community discussion yet for this question.

Full CISSP Practice