The data owner is responsible for ensuring that information is appropriately classified and protected. They are accountable for defining access controls and ensuring compliance with data protection policies, making them primarily accountable for risks associated with business information protection.
[Reference:ISACA CRISC Review Manual, 7th Edition, Chapter 1: Governance, Section: Roles and Responsibilities., , , , , , , ]
Submit