Home MCQs CISA Question #1733
Back to Questions
CISA QUESTION #1733
Question 1
Which of the following most accurately describes the respective responsibilities of the data owner, data user, and data custodian?
  • The data user is responsible for implementing security controls as required.
  • The data custodian defines what constitutes acceptable use of the data.
  • The data owner is responsible for specifying the appropriate controls over the data.✔️
  • The data custodian determines the security classification of the data.
Correct Answer Explanation
In an information governance framework: the data owner is responsible for defining controls, specifying acceptable use policies, and appointing the data custodian. The data custodian is responsible for protecting the data, ensuring its availability, and supporting users. Data users must comply with the acceptable use policy and report any violations they observe. The data owner — not the custodian — holds ultimate responsibility for data classification and control specification.