Which of the following is NOT a responsibility of a data owner?
A.
Approving access requests
B.
Ensuring that the necessary security controls are in place
C.
Delegating responsibility of the day-to-day maintenance of the data protection mechanisms to
the data custodian
D.
Maintaining and protecting data
Explanation:
It is not a responsibility of a data owner. The data custodian (information custodian)
is responsible for maintaining and protecting the data.
responsibilities of a data owner are as follows: The data owner (information owner) is usually a
member of management, in charge of a specific business unit, and is ultimately responsible for the
protection and use of a specific subset of information. The data owner decides upon the
classification of the data that he is responsible for and alters that classification if the business
needs arise. This person is also responsible for ensuring that the necessary security controls are
in place, ensuring that proper access rights are being used, defining security requirements per
classification and backup requirements, approving any disclosure activities, and defining user
access criteria. The data owner approves access requests or may choose to delegate this function
to business unit managers. And it is the data owner who will deal with security violations pertaining
to the data he is responsible for protecting. The data owner, who obviously has enough on his
plate, delegates responsibility of the day-to-day maintenance of the data protection mechanisms to
the data custodian.