PrepAway - Latest Free Exam Questions & Answers

Which of the following is not Jim’s responsibility as information owner?

As head of sales, Jim is the information owner for the sales department. Which of the following is not Jim’s responsibility as information owner?


A. Assigning information classifications

B. Dictating how data should be protected

C. Verifying the availability of data

D. Determining how long to retain data

Explanation:
C: The responsibility of verifying the availability of data is the only responsibility listed that does not belong to the information owner. Rather, it is the responsibility of the information custodian. The information custodian is also responsible for maintaining and protecting data as dictated by the information owner. This includes performing regular backups of data, restoring data from backup media, retaining records of activity, and fulfilling information security and data protection requirements in the company’s policies, guidelines, and standards. Information owners work at a higher level than the custodians. The owners basically state, “This is the level of integrity, availability, and confidentiality that needs to be provided; now go do it.” The custodian must then carry out these mandates and follow up with the installed controls to make sure they are working properly.

A is incorrect because as information owner Jim is responsible for assigning information classifications. (The question asked which of the following Jim is not responsible for.)

B is incorrect because information owners such as Jim are responsible for dictating how information should be protected. The information owner has the organizational responsibility for data protection and is liable for any negligence when it comes to protecting the organization’s information assets. This means that Jim must make decisions regarding how information is protected and ensure that the information custodian (a role usually filled by IT or security) is carrying out these decisions.

D is incorrect because determining how long to retain data is the responsibility of the information owner. The information owner is also responsible for determining who can access the information and ensuring that proper access rights are being used. He can approve access requests himself or delegate the function to business unit managers, who will approve requests based on user access criteria defined by the information owner.

