“Great to see you studying data ownership on this 37th day! Ownership in general is important, as well as the delegation of data maintenance!” – Luke Ahmed

Today is Day 37 of Yihenew’s CISSP study plan, focusing on Data Ownership — one of the most important governance concepts in the CISSP exam.

Many candidates overthink encryption and storage mechanisms but overlook a fundamental question: Who owns the data?Understanding ownership clarifies accountability, responsibility, and compliance — the core of what CISSP is about.

Key Areas Covered in the CISSP Study Plan

• Data Owner

  • Typically a senior manager responsible for classifying information and determining its sensitivity.

  • Decides who gets access and what level of protection is required.

  • Delegates operational tasks to custodians but retains accountability.

• Data Custodian

  • Implements and maintains the controls defined by the owner.

  • Handles backups, labeling, and ensuring compliance with security policies.

• Data Processor

  • Often a third party handling or processing data on behalf of the controller or owner (critical under GDPR).

• Data Controller

  • Determines why and how personal data is processed — typically the organization itself.

• Key Concept:Ownership is accountability, not physical possession. You can outsource data storage to the cloud, but you can never outsource responsibility.

CISSP Exam Tie-In

Expect CISSP questions that blur the line between ownership and custodianship.

• The Owner decides classification and access.

• The Custodian enforces those decisions.

• The User simply uses the data according to assigned privileges.

If the question mentions who approves access or classification, the answer is Data Owner.

Quick CISSP Practice Question

Who is primarily responsible for determining data classification levels and defining access authorization?

A. Data Custodian

B. Data Owner

C. Security Administrator

D. System Operator

✅ Correct Answer: B. Data Owner

Explanation:The Data Owner holds ultimate accountability for data protection, classification, and access authorization. Custodians enforce controls, but they do not define classification or policy.

Think Like a Manager:In CISSP, data governance is about who makes the decision — not who performs the task. Ownership means responsibility at the policy level, not at the keyboard.

Check out Yani's TikTok or see Day 36 or Day 38.

👉 Can you take the Yani Challenge?

55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:

Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)

Books, Notes, and Practice Questions

All-In-One Study Guide by Shon Harris (Around $45)

Sybex 10th Edition (Around $52.55)

Official CISSP Practice Tests, 4th Edition by Mike Chapple & David Seidl (Around $35)

How To Think Like A Manager for the CISSP Exam ($29.99)

Total Cost: approxiamately $250 depending on your geographic location. Yani is located in East Africa.

📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.

Pass CISSP in first attempt within 100 questions.

Yani's biggest expense was his time, committment, consistency, and dedication! It was worth it because he passed first attempt in 100 questions using the above resources only.

If Yihenew could do it, so can you.

All the best Future CISSP. You can feel free to contact me anytime as well.

Thank you.

Luke Ahmed