nerdexam
(ISC)2

CISSP · Question #595

Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no long

The correct answer is A. Assign data owners from Organization A to the acquired data.. Data ownership is a key concept in data security and classification. Data owners are responsible for defining the value, sensitivity, and classification of the data, as well as the access rights and controls for the data. When Organization A acquires data from Organization B, it

Submitted by ravi_2018· Mar 5, 2026Asset Security

Question

Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A 0do to property classify and secure the acquired data?

Options

  • AAssign data owners from Organization A to the acquired data.
  • BCreate placeholder accounts that represent former users from Organization B.
  • CArchive audit records that refer to users from Organization A.
  • DChange the data classification for data acquired from Organization B.

How the community answered

(34 responses)
  • A
    71% (24)
  • B
    6% (2)
  • C
    15% (5)
  • D
    9% (3)

Explanation

Data ownership is a key concept in data security and classification. Data owners are responsible for defining the value, sensitivity, and classification of the data, as well as the access rights and controls for the data. When Organization A acquires data from Organization B, it should assign data owners from its own organization to the acquired data, so that they can properly classify and secure the data according to Organization A's policies and standards. Creating placeholder accounts, archiving audit records, or changing the data classification are not sufficient or necessary steps to ensure the security of the acquired data.

Topics

#Data classification#Data ownership#Data governance#M&A security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice