Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

A.
The data owner implements the information classification scheme after the initial assignment by the custodian.

B.
The custodian implements the information classification scheme after the initial assignment by the operations manager.

C.
The data custodian implements the information classification scheme after the initial assignment by the data owner.

D.
The custodian makes the initial information classification assignments, and the operations manager implements the scheme.

Explanation:

The data owner is responsible for ensuring that the appropriate security controls are in place, for assigning the initial classification to the data to be protected, for approving access requests from other parts of the organization, and for periodically reviewing the data classifications and access rights. Data owners are primarily responsible for determining the data’s sensitivity or classification levels, whereas the data custodian has the responsibility for backup, retention, and recovery of data. The data owner delegates these responsibilities to the custodian.

Answer options A, D, and B are incorrect. These are not the valid answers.

Reference: The CISM Prep Guide: Mastering the Five Domains of Information Security Management, Contents: "Information Security Governance"



Leave a Reply 0

Your email address will not be published. Required fields are marked *