Certified in Risk and Information Systems Control (CRISC) — Question 277

A risk practitioner notices a risk scenario associated with data loss at the organization's cloud provider is assigned to the provider. Who should the risk scenario be reassigned to?

Answer options

• A. Chief risk officer
• B. Vendor manager
• C. Data owner
• D. Senior management

Correct answer: C

Explanation

The correct answer is C, the Data owner, because they have the responsibility for the data and are best positioned to manage risks associated with it. The Chief risk officer, Vendor manager, and Senior management may have roles in risk oversight, but they do not have direct responsibility for the data itself.