Certified Information Systems Auditor (CISA) — Question 1041

Who is responsible for authorizing data access for users?

Answer options

• A. Information owner
• B. Chief information officer (CIO)
• C. Security administrator
• D. Database administrator (DBA)

Correct answer: A

Explanation

The Information owner is the person who has the authority to make decisions about who can access the data, making them responsible for data access authorization. The Chief information officer (CIO) typically oversees IT strategy but may not directly handle access permissions. The Security administrator manages security policies but does not own the data, while the Database administrator (DBA) focuses on database management rather than access authorization.