The role that is responsible for determining who has a need for the information when developing the entitlement review process is the data owner. The data owner is a person or entity that has the authority and accountability for the creation, classification, usage, and protection of the data or information within an organization. The data owner is responsible for determining who has a need for the information when developing the entitlement review process, by defining and approving the access rights and privileges of the data or information, based on the business needs and security requirements of the organization and the stakeholders. The entitlement review process is a process that verifies and validates the access rights and privileges of the data or information, to ensure that they are appropriate, necessary, and compliant with the organization’s policies and standards. The entitlement review process can help to prevent or reduce the unauthorized, excessive, or inappropriate access to the data or information, as well as to identify and resolve any access issues or anomalies. The data owner is responsible for determining who has a need for the information when developing the entitlement review process, by ensuring that the access rights and privileges of the data or information are consistent and compatible with the data owner’s objectives and expectations, as well as with the data owner’s roles and responsibilities. Data Custodian, Database Administrator, or Information Technology (IT) Director are not the roles that are responsible for determining who has a need for the information when developing the entitlement review process, as they are more related to the implementation, maintenance, or management aspects of the data or information, rather than the authority or accountability aspects of the data or information. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Identity and Access Management, page 308; CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 5: Identity and Access Management, Question 5.9, page 220.
Submit