In business-critical applications, user access should be approved by the:
A.
information security manager.
B.
data owner.
C.
data custodian.
D.
business management.
Explanation:
A data owner is in the best position to validate access rights to users due to their deep
understanding of business requirements and of functional implementation within the application.
This responsibility should be enforced by the policy. An information security manager will
coordinate and execute the implementation of the role-based access control. A data custodian will
ensure that proper safeguards are in place to protect the data from unauthorized access; it is not
the data custodian’s responsibility to assign access rights. Business management is not. in all
cases, the owner of the data.