GIAC Security Essentials Certification (GSEC) — Question 35

Who is responsible for deciding the appropriate classification level for data within an organization?

Answer options

• A. Data custodian
• B. Security auditor
• C. End user
• D. Data owner

Correct answer: B

Explanation

The correct answer is B, as the security auditor evaluates and verifies the classification levels assigned to data, ensuring they meet compliance and security requirements. The data custodian (A) manages the data, while the end user (C) and data owner (D) may influence classification but do not have the final authority on it.