Domain 2: Understanding Data Roles Flashcards
Who has the primary responsibility of protecting the data and assets?
Data Owner/Information Owner
Who is the person who has ultimate organizational responsibility for data?
Data Owner/Information Owner
Who is typically the chief executive officer (CEO), president, or a department head?
Data Owner/Information Owner
Who identifies the classification of data?
Data Owner/Information Owner
Who ensures the data is labeled properly?
Data Owner/Information Owner
Who insures that the data has adequate security controls based on the classification and the organization’s security policy requirements?
Data Owner/Information Owner
Who may be liable for negligence if they fail to perform due diligence in establishing and enforcing security policies to protect and sustain sensitive data?
Data Owner/Information Owner
Establishes the rules for appropriate use and protection of the subject data/information (rules of behavior)
Data Owner/Information Owner
Provides input to information system owners regarding the security requirements and security controls for the information system(s) where the information resides.
Data Owner/Information Owner
Decides who has access to the information system and what types of privileges or access rights.
Data Owner/Information Owner
Assists in the identification and assessment of the common security controls where the information resides.
Data Owner/Information Owner
Persons and organizations responsible for the collection and use of data.
Data Controller
Determines the purposes for which and the means by which personal data is processed.
Data Controller
The entity that determines the “how” and the “why” of personal data collection and use.
Data Controller
Outsourcing data to other organizations.
Data Processors
A natural or legal person, public authority, agency, or other body, which processes personal data solely on behalf of the data controller.
Data Processor
An employer that collects personal information on employees for payroll
Data Controller
An employer collects personal information on employees for payroll who passes the payroll information to a third-party company to process the payroll. What is the third-party known as?
Data Processor
Helps protect the integrity and security of data by ensuring that is is properly stored and protected.
Data Custodian
Ensures that data is properly stored and protected.
Data Custodian
Ensures that the data is backed up by following guidelines in the backup policy.
Data Custodian
Personnel within an IT department or system security administrators.
Data Custodians
Responsible for assigning permissions to data.
Data Custodian
Usually a member of senior management. Can delegate some day-to-day duties. Cannot delegate total responsbility.
Data Owner
Usually someone in the IT department. DOES NOT DECIDE what controls are needed, but does implement controls for the data owner.
Data Custodian
Responsible for granting appropriate access to personnel (often via RBAC).
Data Administrators
Any person who accesses data via a computing system to accomplish work tasks.
User
Can overlap with the responsibilities of the system owner or be the same role.
Business/Mission Owners
Owns asset or system that processes sensitive data and associated security plans.
Asset Owners
The person or entity that controls processing of data.
Data Controller
