Comprehensive and Detailed Explanation:
The CGEIT Review Manual 8th Edition, in its Governance of Enterprise IT domain, defines roles and responsibilities for information security. The data owner is accountable for ensuring the confidentiality, integrity, and availability (CIA) of information, because the owner has authority over specific data sets and defines their security requirements. For example, a data owner for customer data ensures access controls and data protection measures are in place. The manual likely references COBIT 2019’s APO14-Managed Data, which assigns CIA accountability to data owners.
Option B: Lead legal counsel advises on legal compliance, not CIA.
Option C: Risk manager oversees risk but is not accountable for specific data.
Option D: Data custodian implements controls but is not accountable for CIA.
Double Verification: The answer aligns with COBIT’s APO14 and the CGEIT domain’s focus on data roles. Data owner accountability is a standard ISACA principle.
ISACA CGEIT Review Manual 8th Edition, Domain 1: Governance of Enterprise IT (focus on data roles).
COBIT 2019, APO14-Managed Data.
ISACA Glossary (for definitions of data owner), available at https://www.isaca.org/resources/glossary.