Who should be responsible for enforcing access rights to application data?

A.
Data owners

B.
Business process owners

C.
The security steering committee

D.
Security administrators

Explanation:

As custodians, security administrators are responsible for enforcing access rights to data. Data
owners are responsible for approving these access rights. Business process owners are
sometimes the data owners as well, and would not be responsible for enforcement. The security
steering committee would not be responsible for enforcement.