Certified in Risk and Information Systems Control (CRISC) — Question 1205
Which of the following should be the PRIMARY role of the data owner in a risk management program?
Answer options
- A. Maintaining data syntax rules
- B. Establishing enterprise system security levels
- C. Applying data classification policy
- D. Specifying retention requirements
Correct answer: C
Explanation
The primary role of the data owner is to apply data classification policy, as this ensures that data is categorized appropriately based on sensitivity and compliance requirements. While maintaining data syntax rules and establishing security levels are important, they are not the primary focus of the data owner. Specifying retention requirements is relevant but secondary to the classification of data.