Who is ultimately accountable for the protection of an information asset?
A CISSP practice question covering Domain 2: Asset Security. Try answering before reading the explanation below.
Show options & answer
Why "The data owner (business stakeholder)" is the right answer
Accountability rests with the data owner — usually a senior business stakeholder. Custodians implement and operate controls. The CISO sets program direction. Users follow policy. Owner accountability is a recurring CISSP theme.
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.