Exam CGEIT topic 1 question 452 discussion

C. Data owner The data owner is responsible for ensuring that the information assets of the organization are adequately protected in terms of confidentiality, integrity, and availability. This responsibility includes defining access controls, setting policies regarding data usage, and ensuring that appropriate security measures are in place to safeguard the information. A data custodian (Option A) typically implements the controls and safeguards defined by the data owner. The risk manager (Option B) identifies, assesses, and mitigates risks across the organization but may not directly oversee the confidentiality, integrity, and availability of information assets. Lead legal counsel (Option D) provides legal advice and ensures compliance with relevant laws and regulations but may not have the primary responsibility for information security within the enterprise.

The role that is accountable for the confidentiality, integrity, and availability of information within an enterprise is: C. Data owner. The data owner is responsible for the accountability and protection of information within an enterprise. This role typically holds the ultimate responsibility for the confidentiality, integrity, and availability of the data they own. The data owner determines the access rights, establishes security controls, and ensures that appropriate measures are in place to safeguard the information under their purview. They work closely with other stakeholders, such as data custodians (option A)

Why not data owner be accountable?