CSSLP · Question #235
CSSLP Question #235: Real Exam Question with Answer & Explanation
The correct answer is A: Reviewing the classification assignments at regular time intervals and making changes as the business. Data owners are responsible for defining the classification of information, reviewing these classifications periodically, and delegating the operational protection tasks to data custodians.
Question
Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.
Options
- AReviewing the classification assignments at regular time intervals and making changes as the business
- BRunning regular backups and routinely testing the validity of the backup data.
- CDelegating the responsibility of the data protection duties to a custodian.
- DDetermining what level of classification the information requires.
Explanation
Data owners are responsible for defining the classification of information, reviewing these classifications periodically, and delegating the operational protection tasks to data custodians.
Common mistakes.
- B. Running regular backups and testing their validity are operational tasks typically performed by a data custodian or system administrator, not the primary responsibility of the data owner.
Concept tested. Data owner responsibilities in classification programs
Reference. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-18r1.pdf
Topics
Community Discussion
No community discussion yet for this question.