Who should be responsible for enforcing access rights to application data?
Answer options:
A. Data owners
B. Business process owners
C. The security steering committee
D. Security administrators
Answer correct:
D
As custodians, security administrators are responsible for enforcing access rights to data. Data owners are responsible for approving these access rights. Business process owners are sometimes the data owners as well, and would not be responsible for enforcement. The security steering committee would not be responsible for enforcement.