Certified in Risk and Information Systems Control (CRISC) — Question 1375

Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

Answer options

• A. Control owner
• B. Risk owner
• C. Data owner
• D. System owner

Correct answer: A

Explanation

The Control owner is responsible for the implementation and management of controls, making them the most qualified to evaluate the effectiveness of a new control in mitigating data loss risks. The Risk owner focuses on the overall risk management process, the Data owner handles data stewardship, and the System owner manages the system infrastructure, but none of these roles are specifically tasked with control evaluation.