Effective CISSP Questions

Your company is implementing a customer analytics solution that extracts, transforms, and loads data into the enterprise data warehouse from various information systems that collect and process customer data. This data is subject to change, as customers may move to new places, switch to new phones, etc. Which of the following is the best role to enforce data consistency and quality?
A. Data controller
B. Data owner
C. Data steward
D. Data custodian

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Data steward.

Data Governance

In a data governance program, there are common roles like data owner, data steward, data custodian, etc. A data owner is accountable for the data he owns.

  • A data owner, typically a member of the management team, is responsible for determining roles and responsibilities, classifying, and authorizing data. A data owner may delegate tasks to the data steward, data custodian, or other roles.
  • “The overall objective of a data steward is data quality, in regard to the key/critical data elements existing within a specific enterprise operating structure, of the elements in their respective domains. This includes documenting meta information for their elements, such as definitions, related rules/governance, physical manifestation, and related data models.” (Wikipedia)
  • “Data Custodians are responsible for the safe custody, transport, storage of the data and implementation of business rules. Simply put, Data Stewards are responsible for what is stored in a data field, while Data Custodians are responsible for the technical environment and database structure. Common job titles for data custodians are Database Administrator (DBA), Data Modeler, and ETL Developer.” (Wikipedia)

Personal Data and Controller

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; (GDPR)

PII Controller or Data Controller is the “privacy stakeholder (or privacy stakeholders) that determines the purposes and means for processing personally identifiable information (PII) other than natural persons who use data for personal purposes.” (ISO 29100)