New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CSSLP Exam - Topic 1 Question 17 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 17
Topic #: 1
[All CSSLP Questions]

Which of the following is NOT a responsibility of a data owner?

Show Suggested Answer Hide Answer
Suggested Answer: D

It is not a responsibility of a data owner. The data custodian (information custodian) is responsible for maintaining and protecting the data.

Answer B, A, and C are incorrect. All of these are responsibilities of a data owner.

The roles and responsibilities of a data owner are as follows:

The data owner (information owner) is usually a member of management, in charge of a specific business unit, and is ultimately

responsible for the protection and use of a specific subset of information.

The data owner decides upon the classification of the data that he is responsible for and alters that classification if the business needs

arise.

This person is also responsible for ensuring that the necessary security controls are in place, ensuring that proper access rights are

being used, defining security requirements per classification and backup requirements, approving any disclosure activities, and defining

user access criteria.

The data owner approves access requests or may choose to delegate this function to business unit managers. And it is the data owner

who will deal with security violations pertaining to the data he is responsible for protecting.

The data owner, who obviously has enough on his plate, delegates responsibility of the day-to-day maintenance of the data protection

mechanisms to the data custodian.


by My at May 07, 2022, 11:55 PM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tresa
4 months ago
I thought maintaining data was also part of their role?
upvoted 0 times
...
Pamella
4 months ago
They definitely need to ensure security controls are in place.
upvoted 0 times
...
Geraldo
4 months ago
Wait, are you sure about that?
upvoted 0 times
...
Enola
4 months ago
Totally agree, that's their job!
upvoted 0 times
...
Kiera
5 months ago
Data owners approve access requests.
upvoted 0 times
...
Janae
5 months ago
This question is tricky! I practiced a similar one where the data owner had to delegate tasks, so I’m leaning towards option C as the answer.
upvoted 0 times
...
Fabiola
5 months ago
I feel like ensuring security controls is a big part of the data owner's job, but I could be mixing it up with the custodian's role.
upvoted 0 times
...
Becky
5 months ago
I remember that the data custodian handles the day-to-day maintenance, so maybe option D is the one that doesn't belong to the data owner.
upvoted 0 times
...
Fairy
5 months ago
I think the data owner is responsible for approving access requests, but I'm not sure if they also maintain the data directly.
upvoted 0 times
...
Kenneth
5 months ago
I think the answer is A - unusual and unexpected data and transactions. That's what contrived testing is all about, putting the system through its paces with edge cases and strange inputs.
upvoted 0 times
...
Lavonne
5 months ago
I've got a good feeling about this. The intersection of vulnerability sources and CMDB CIs sounds like it could be the CMDB_CI_Vuln record type.
upvoted 0 times
...
Inocencia
5 months ago
Okay, let me think this through step-by-step. The question is asking about the suitability of a specific deployment scenario, so I'll need to consider the pros and cons of that scenario based on the node count.
upvoted 0 times
...

Save Cancel