Which of the following is not a responsibility of an information (data) owner?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
This responsibility would be delegated to a data custodian rather than being performed directly by the information owner.
"Determine what level of classification the information requires" is incorrect.This is one of the major responsibilities of an information owner.
"Periodically review the classification assignments against business needs" is incorrect.This is one of the major responsibilities of an information owner.
"Delegates responsibility of maintenance of the data protection mechanisms to the data custodian" is incorrect.This is a responsibility of the information owner.
References: CBK p.
105
AIO3, p.
53-54, 960
The correct answer is D: Running regular backups and periodically testing the validity of the backup data.
Explanation:
An information owner is responsible for managing and controlling the access to a specific set of data or information within an organization. They are responsible for determining the level of classification the information requires, periodically reviewing the classification assignments against business needs, and delegating the responsibility of data protection to data custodians.
However, running regular backups and periodically testing the validity of the backup data is not the responsibility of the information owner. This responsibility usually falls under the purview of the data custodian. A data custodian is responsible for implementing the technical controls necessary to safeguard the data, including backing up the data, ensuring its availability, and testing the validity of backup data.
In summary, while the information owner is responsible for managing and controlling access to a specific set of data, running regular backups and periodically testing the validity of the backup data is the responsibility of the data custodian, not the information owner.