Certified in Risk and Information Systems Control (CRISC) — Question 1285

Who should be accountable for authorizing information system access to internal users?

Answer options

• A. Information security manager
• B. Information owner
• C. Information custodian
• D. Information security officer

Correct answer: B

Explanation

The Information owner is the individual responsible for the management and protection of specific information, making them accountable for authorizing access. The Information security manager, Information custodian, and Information security officer play supportive roles in security but do not hold the authority to grant access to internal users.