Exam CISSP topic 1 question 377 discussion

Simply put, Data Stewards are responsible for what is stored in a data field, while data custodians are responsible for the technical environment and database structure. Common job titles for data custodians are database administrator (DBA), data modeler and ETL developer. https://en.wikipedia.org/wiki/Data_custodian

The custodian role is assigned to the user who is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management

D. Ensure data compliance with rules and regulations Explanation: In CISSP Domain 2 (Asset Security) and Domain 7 (Security Operations): Data Steward Role: Focuses on operational governance, ensuring data is used per policies, laws, and regulations (e.g., GDPR, HIPAA). Compliance Priority: CISSP stresses adherence to legal/regulatory requirements as a core governance responsibility. Distinction from Other Roles: Data Owners (C): Define policies and classify data (accountability). Security Teams (B): Implement technical controls. Business Definitions (A): Enable governance but are secondary to enforcement. Why Not A (Business Definitions)? While defining business value is part of stewardship, compliance (D) directly addresses CISSP’s emphasis on mitigating legal and reputational risks.

sooo many people mixing up steward and custodian. a data steward is responsible for compliance and regulations soo therefore D

pg 50 CISSP study guide glossary: data custodian, data steward The subject who is assigned or delegated the task of implementing the prescribed protection defined by the security policy and upper management. The data custodian performs any and all activities necessary to provide adequate protection for data and to fulfill the requirements and responsibilities delegated to them by upper management. pg 52 glossary: data steward See data custodian. GOTTA LOVE THE OFFICIAL CISSP GUIDE! The answer is A because it's about the protection of data according to the definition above, they don't mention the database or datalake in the definition.

Cissp “ A data custodian or steward is a subject who has been assigned or delegated the day-to-day responsibility for proper storage and transport as well as protecting data, assets, and other organizational objects”

A: Data Steaward. Responsible for data quality (contents) B: Data custodian. Responsible for technical tasks to protect the data

I'm going with B...proper business definition, value and usage is in the realm of the data owner, not data steward/custodian.

Data Steward = A. Ensure proper business definition, value, and usage of data collected and stored within the enterprise data lake. Data Custodian = B. Ensure adequate security controls applied to the enterprise data lake.

A. Ensure proper business definition, value, and usage of data collected and stored within the enterprise data lake. While security controls are important for data lakes, the primary responsibility of a data steward is to manage and oversee the quality, relevance, and business value of the data stored in the data lake. This includes ensuring that the data collected is properly defined, serves a valid business purpose, and is used effectively across the organization. If the question was refering to Data Custodian then B. could have been the correct answer.

A. Usage of data "A data steward is responsible for carrying out data usage and security policies as determined through enterprise data governance initiatives, acting as a liaison between the IT department and the business side of an organization." https://www.techtarget.com/searchdatamanagement/definition/data-stewardship#:~:text=A%20data%20steward%20is%20responsible,business%20side%20of%20an%20organization.

Data Owner is accountable for Data Governance outcomes, whereas a Data Steward is responsible for the Data Governance tasks required to achieve those outcomes.

As cited in the ISC2 CISSP Official Study Guide, 'A data custodian or steward is a subject who has been assigned or delegated the day- to- day responsibility for proper storage and transport as well as protecting data, assets, and other organizational objects.' The proper storage and transport as well as protecting data is all done with the controls applied.

oops ! looks like answer is B data owner = controls CBK 9th edition pg 117 "NOTE Data owner has synonymous terms used in various guidelines and regulations. Con- sider information owner or steward as interchangeable terms, for instance.

i think its A = DATA steward (business) DATA owner = accountable for data (legal rights) Data steward = business responsible for data (metadata, governance etc) Data custodian = technical responsibility (backup, security etc)

"A" is correct. A quick Google Search on "DATA" steward will prove that: A data steward is responsible for carrying out data usage and security policies as determined through enterprise data governance initiatives, acting as a liaison between the IT department and the business side of an organization.