PrepAway - Latest Free Exam Questions & Answers

Who is ultimately responsible for the security of computer-based information systems within an organization?

A. The tech support team

B. The Operation Team.

C. The management team.

D. The training team.

Explanation:
The data owner (information owner) is usually a member of management who is in charge of a specific
business unit, and who is ultimately responsible for the protection and use of a specific subset of information.
The data owner has due care responsibilities and thus will be held responsible for any negligent act that results
in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is
responsible for and alters that classification if the business need arises. This person is also responsible for
ensuring that the necessary security controls are in place, defining security requirements per classification and
backup requirements, approving any disclosure activities, ensuring that proper access rights are being used,
and defining user access criteria. The data owner approves access requests or may choose to delegate this
function to business unit managers. And the data owner will deal with security violations pertaining to the data
she is responsible for protecting. The data owner, who obviously has enough on her plate, delegates
responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian.

Incorrect Answers:
A: The tech support team often performs the role of data custodian, which includes the day-to-day maintenance
of the data protection mechanisms. However, the tech support team is not ultimately responsible for the
security of the computer-based information systems.
B: The Operation team is not responsible for the security of the computer-based information systems.
D: The training team is not responsible for the security of the computer-based information systems.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 121
