13. Mission, data, system owners, and data custodians Flashcards
Mission, data, system owners, and data custodians
Mission/Business Owners
Senior executives
- Make the policies that govern data security
Mission, data, system owners, and data custodians
Data/Information Owners
Management Level
- Assign sensitivity labels and backup frequency
- Approve access but do not grant access
Mission, data, system owners, and data custodians
Data Custodians
Technical Hands-on Employees
- Hands on employees who do backups, restores, patches and system config
- Do backups and restores at the direction of the data owner
Mission, data, system owners, and data custodians
System Owner
Management Level
- Owner of the systems that house the data
- Responsible for security profile of the system
- Data center manager or infrastructure manager as example
Mission, data, system owners, and data custodians
Data Controllers
Create and manage sensitive data
- For example, HR or Payroll
- Security could audit the processes of teams to ensure they are handling data correctly
Mission, data, system owners, and data custodians
Data Processors
Manage data for controllers
- for example, outsourced payroll
Mission, data, system owners, and data custodians
Security Administrators
- Firewalls
- IPS / IDS
- Security patches
- Account creation
- Assign access to data
Mission, data, system owners, and data custodians
Supervisors
- Responsible for user behaviour and assets created by users
- Responsible for user awareness
- Needs to inform Sec admin of changes to employment of users and permissions
Mission, data, system owners, and data custodians
Users
Users of the data
- Must be trained and made aware
- Need to understand what is acceptable and not acceptable
- Understand the consequences of not following policies, procedures, and standards
Mission, data, system owners, and data custodians
Auditors
Reviewing and confirming security policies are implemented
- validate they provide the protection that they should
- Can be internal or external
