Which choice below BEST describes the difference between the System
Owner and the Information Owner?

A.
The System Owner is responsible for establishing the rules for
appropriate use of the information.

B.
The Information Owner is responsible for defining the system’s
operating parameters.

C.
One system could have multiple information owners.

D.
There is a one-to-one relationship between system owners and
information owners.

Explanation:
The System Owner is responsible for ensuring that the security
plan is prepared and for implementing the plan and monitoring its
effectiveness. The System Owner is responsible for defining the system’s
operating parameters, authorized functions, and security
requirements. The information owner for information stored within,
processed by, or transmitted by a system may or may not be the same
as the System Owner. Also, a single system may utilize information
from multiple Information Owners.
The Information Owner is responsible for establishing the rules for
appropriate use and protection of the subject data/information (rules of
behavior). The Information Owner retains that responsibility even
when the data/information are shared with other organizations.
Source: NIST Special Publication 800-18, Guide for Developing Security
Plans for Information Technology Systems.