Certified in Risk and Information Systems Control (CRISC) — Question 179

Who should be responsible for implementing and maintaining security controls?

Answer options

• A. Data custodian
• B. Internal auditor
• C. Data owner
• D. End user

Correct answer: A

Explanation

The correct answer, A. Data custodian, refers to the individual responsible for managing and protecting data, including security controls. The internal auditor (B) assesses compliance and risk, the data owner (C) is responsible for the data's overall management, and the end user (D) is typically not responsible for implementing security measures.