ISC2 Exam CSSLP Topic 1 Question 17 Discussion

It is not a responsibility of a data owner. The data custodian (information custodian) is responsible for maintaining and protecting the data.

Answer B, A, and C are incorrect. All of these are responsibilities of a data owner.

The roles and responsibilities of a data owner are as follows:

The data owner (information owner) is usually a member of management, in charge of a specific business unit, and is ultimately

responsible for the protection and use of a specific subset of information.

The data owner decides upon the classification of the data that he is responsible for and alters that classification if the business needs

arise.

This person is also responsible for ensuring that the necessary security controls are in place, ensuring that proper access rights are

being used, defining security requirements per classification and backup requirements, approving any disclosure activities, and defining

user access criteria.

The data owner approves access requests or may choose to delegate this function to business unit managers. And it is the data owner

who will deal with security violations pertaining to the data he is responsible for protecting.

The data owner, who obviously has enough on his plate, delegates responsibility of the day-to-day maintenance of the data protection

mechanisms to the data custodian.