Certified in the Governance of Enterprise IT (CGEIT) — Question 288

Which of the following roles is accountable for the confidentiality, integrity, and availability of information within an enterprise?

Answer options

• A. Data custodian
• B. Risk manager
• C. Data owner
• D. Lead legal counsel

Correct answer: A

Explanation

The Data custodian is responsible for maintaining the security and proper handling of data, ensuring its confidentiality, integrity, and availability. The Risk manager focuses on identifying and mitigating risks, while the Data owner is responsible for the data itself but may not directly manage its security. Lead legal counsel typically addresses legal issues rather than information security.