Certified in Risk and Information Systems Control (CRISC) — Question 960

Of the following, who should be PRIMARILY responsible for performing user entitlement reviews?

Answer options

• A. Data custodian
• B. IT personnel
• C. Data owner
• D. IT security manager

Correct answer: C

Explanation

The data owner is primarily responsible for user entitlement reviews as they have the authority and knowledge about who should have access to specific data. Other roles, such as the data custodian, IT personnel, and IT security manager, may assist or provide input, but the ultimate responsibility lies with the data owner for ensuring proper access controls.