CISSP · Question #349
Who is responsible for the protection of information when it is shared with or provided to other organizations?
The correct answer is C. Information owner. The information owner is the person who has the authority and responsibility for the information within an Information System (IS). The information owner is responsible for the protection of information when it is shared with or provided to other organizations, such as by definin
Question
Who is responsible for the protection of information when it is shared with or provided to other organizations?
Options
- ASystems owner
- BAuthorizing Official (AO)
- CInformation owner
- DSecurity officer
How the community answered
(50 responses)- B2% (1)
- C94% (47)
- D4% (2)
Explanation
The information owner is the person who has the authority and responsibility for the information within an Information System (IS). The information owner is responsible for the protection of information when it is shared with or provided to other organizations, such as by defining the classification, sensitivity, retention, and disposal of the information, as well as by approving or denying the access requests and periodically reviewing the access rights. The system owner, the authorizing official, and the security officer are not responsible for the protection of information when it is shared with or provided to other organizations, although they may have roles and responsibilities related to the security and operation of the IS.
Topics
Community Discussion
No community discussion yet for this question.