Exam CISM topic 1 question 782 discussion

I chose C but in the context of ISACA, the ISACA says B - Reason given is - this is a practical interim measure to ensure the db is secured and managed properly until permanent solution is found.

C- The ISM does not assign any responsibilities to DBA. The best person is DB owner/senior mgmt.

Agree with Bruh_Moment . C

i go with c

DBA is data custodian, not data owner. Senior management needs to assign the ownership to a new data owner from the business side.

B From ISACA’s online glossary (not a useless AI tool) Database administrator (DBA) An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database. This is ISACA’s exact definition of what they’re responsible for

Option C

C. Prepare a report of the databases for senior management.

Info sec manager is not in the position to assign responsibilities/ownership of database. This is management’s responsibility

Business owners need to be found it cannot and is not the DBAs responsibility to own the data their role is to administer is.

C. Prepare a report of the databases for senior management. DBA would not be an appropriate owner as he/she would not be capable to classify the data in the DB.

The most appropriate way for the information security manager to address this situation is to assign responsibility to the database administrator (DBA).

Based on ISACA's guidelines, the correct answer would be B, assigning responsibility to the database administrator (DBA). The information security manager should ensure that information assets are properly assigned to owners who are responsible for managing, protecting and overseeing them. By assigning ownership, accountability is established and risks can be effectively managed.