nerdexam
(ISC)2

CISSP · Question #349

Who is responsible for the protection of information when it is shared with or provided to other organizations?

The correct answer is C. Information owner. The information owner is the person who has the authority and responsibility for the information within an Information System (IS). The information owner is responsible for the protection of information when it is shared with or provided to other organizations, such as by definin

Submitted by tom_us· Mar 5, 2026Asset Security

Question

Who is responsible for the protection of information when it is shared with or provided to other organizations?

Options

  • ASystems owner
  • BAuthorizing Official (AO)
  • CInformation owner
  • DSecurity officer

How the community answered

(50 responses)
  • B
    2% (1)
  • C
    94% (47)
  • D
    4% (2)

Explanation

The information owner is the person who has the authority and responsibility for the information within an Information System (IS). The information owner is responsible for the protection of information when it is shared with or provided to other organizations, such as by defining the classification, sensitivity, retention, and disposal of the information, as well as by approving or denying the access requests and periodically reviewing the access rights. The system owner, the authorizing official, and the security officer are not responsible for the protection of information when it is shared with or provided to other organizations, although they may have roles and responsibilities related to the security and operation of the IS.

Topics

#Information owner#Data governance#Data responsibility#Third-party data sharing

Community Discussion

No community discussion yet for this question.

Full CISSP Practice