Which of the following is given the responsibility of the maintenance and protection of the data?

A.
Data owner

B.
Data custodian

C.
User

D.
Security administrator

Explanation:
The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is
usually filled by the IT or security department, and the duties include implementing and maintaining security
controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data
from backup media; retaining records of activity; and fulfilling the requirements specified in the company’s
security policy, standards, and guidelines that pertain to information security and data protection.
Incorrect Answers:
A: The data owner (information owner) is usually a member of management who is in charge of a specific
business unit, and who is ultimately responsible for the protection and use of a specific subset of information.
The data owner is not is given the responsibility of the maintenance and protection of the data.
C: The user is any individual who routinely uses the data for work-related tasks. The user is not given the
responsibility of the maintenance and protection of the data.D: The security administrator is responsible for implementing and maintaining specific security network devices
and software in the enterprise. The security administrator is not is given the responsibility of the maintenance
and protection of the data.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 122