Learn who should be accountable for authorizing information system access to internal users according to the CRISC certification exam. Understand the roles and responsibilities of the information owner in granting access rights.
Table of Contents
Question
Who should be accountable for authorizing information system access to internal users?
A. Information security manager
B. Information owner
C. Information custodian
D. Information security officer
Answer
B. Information owner
Explanation
The information owner should be accountable for authorizing information system access to internal users. The information owner is responsible for defining the classification, criticality, and sensitivity of the information assets they own. They establish the access control requirements and approve access requests based on the user’s role and business need.
The information owner ensures that access rights align with the organization’s policies and regulatory requirements. While the information security manager, custodian, and officer play important roles in implementing and monitoring access controls, the ultimate accountability for authorizing access lies with the information owner.
ISACA Certified in Risk and Information Systems Control (CRISC) certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the ISACA CRISC exam and earn ISACA CRISC certification.