The organization you work for has implemented a new security policy that governs the use and access of data at a much stricter level than before. The organization is requiring that a classification system be put in place that classifies data as public, private, sensitive$,$ and confidential. Users have been trained internally on how to assign appropriate metadata to files to ensure classification is maintained.

The security policy also requires that the data is secure and encrypted at rest. This includes any financial information that is contained within the internal database systems. These systems already have the values hashed in the database, but drive encryption is not turned on$.$

Who in the organization would typically be responsible for implementing the security controls to protect the data?

Answers

A$.$ The data owner

B$.$ The data user

C$.$ The data processor

D$.$ The data custodian