Ch2 - 2.04 - Looking at Security Roles Flashcards
System Owner and Data Owner
The owner—either the system owner or the data owner—is the person who decides how valuable the asset is and what types of security controls should be put in place to protect the asset. The owner also decides the sensitivity of the information, such as top secret when dealing with classification systems.
The owner of the asset is upper-level management and holds ultimate responsibility for securing the asset and for security within the organization.
System Administrator
The system administrator is the person responsible for the configuration of a system or network. The system administrator receives configuration goals from the designers or the security professionals within the organization and configures the systems to meet those goals.
It is important that the security professional is someone other than the system administrator so that the security professional can audit the configuration tasks of the system administrator to ensure that the configuration leaves a system in a secure state.
Other Roles
- User
- Privileged User
- Executive User
- Security Officer
The security officer has a very important role and is the liaison between management (the owner) and the IT staff (custodian). The security officer is responsible for making sure that policies are being followed by educating everyone on their role within the organization.
The security officer has the challenge of helping management understand the value of the security controls put in place by ensuring they understand their legal responsibilities and the financial benefits of implementing the controls.
Data Roles
- Owner
- Steward/custodian
- Privacy officer