Certified Information Security Manager (CISM) — Question 236

An information security manager finds a legacy application has no defined data owner. Of the following, who would be MOST helpful in identifying the appropriate data owner?

Answer options

• A. The individual responsible for providing support for the application
• B. The individual who manages the process supported by the application
• C. The individual who manages users of the application
• D. The individual who has the most privileges within the application

Correct answer: B

Explanation

The correct answer is B, as the individual who manages the process supported by the application is most likely to have insight into the data's importance and its ownership requirements. Option A is focused on support rather than ownership, C addresses user management which does not equate to data ownership, and D relates to access privileges, which may not correlate with being the data owner.