The responsibility for authorizing access to application data should be with the:

A.
data custodian.

B.
database administrator (DBA).

C.
data owner.

D.
security administrator.

Explanation:
Data owners should have the authority and responsibility for granting access to the data and applications for
which they are responsible. Data custodians are responsible only for storing and safeguarding the data. The
database administrator (DBA) is responsible for managing the database and the security administrator is
responsible for implementing and maintaining IS security. The ultimate responsibility for data resides with the
data owner.