nerdexam
(ISC)2

CISSP · Question #353

An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is respons

The correct answer is D. The data owner. The data owner is the person who has the authority and responsibility for the data stored, processed, or transmitted by an Information System (IS). The data owner is responsible for the monetary losses if there was a data breach, as the data owner is accountable for the security,

Submitted by jakub_pl· Mar 5, 2026Asset Security

Question

An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

Options

  • AThe Data Protection Authority (DPA)
  • BThe Cloud Service Provider (CSP)
  • CThe application developers
  • DThe data owner

How the community answered

(25 responses)
  • A
    16% (4)
  • B
    8% (2)
  • C
    4% (1)
  • D
    72% (18)

Explanation

The data owner is the person who has the authority and responsibility for the data stored, processed, or transmitted by an Information System (IS). The data owner is responsible for the monetary losses if there was a data breach, as the data owner is accountable for the security, quality, and integrity of the data, as well as for defining the classification, sensitivity, retention, and disposal of the data. The Data Protection Authority (DPA) is not responsible for the monetary losses, but for the enforcement of the data protection laws and regulations. The Cloud Service Provider (CSP) is not responsible for the monetary losses, but for the provision of the cloud services and the protection of the cloud infrastructure. The application developers are not responsible for the monetary losses, but for the development and maintenance of the software

Topics

#Cloud security#Shared responsibility#Data ownership#SaaS security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice