Section 7.61 Data Ownership Flashcards
Objectives 1.4 Explain the importance of using appropriate cryptographic solutions.
Objectives 3.3 Compare and contrast strategies to protect data.
Objectives 4.2 Explain the security implications of proper hardware, software, and data asset management.
Objectives 4.4 Explain security alerting, monitoring concepts and tools.
Objectives 5.1 Summarise elements of effective security governance.
Data Ownership
Process of identifying the individual responsible for maintaining the confidentiality, integrity, availability, and privacy of information assets
Data Owner
Data owner hires a data steward
A senior executive responsible for
- Labeling information assets
- Ensuring data is protected with appropriate controls
Not the creator of the data
Data Controller
CSU
Data Controller hires a Data Processor
Entity responsible for data…
- Collection
- Storage
- Usage
Ensuring the LEGALITY of these processes.
e.g. If your organisation collects information from your employees to carry out payroll operations, then that makes the organisation the Data Controller for that employee information.
Holds ultimate accountability for any breaches of privacy and cannot delegate this responsibility.
Data Processor
Data Controller hires a Data Processor
A group or individual hired by the data controller to assist with tasks like data collection and processing
e.g. A payroll company would accept the personal data from the data controller and use it to process payroll functions.
Data Steward
Data owner hires a data steward
Usually a Business Manager who is focused on carrying out the Data Owner's requirements.
Responsible for…
- Day-to-day data governance
- Data and metadata quality
- Ensuring data is appropriately labeled and classified
Ensures data is appropriately classified and works under the Data Owner
Data Custodian
An IT professional, known as a database or system administrator, responsible for managing the systems on which data assets are stored.
- Backup Measures
- Enforcing Access Controls
- Implementing Business Rules
System administrators or database administrators
Privacy Officer
Oversees privacy-related data, ensuring compliance with legal and regulatory frameworks.
- Personally identifiable information (PII)
- Sensitive personal information (SPI)
- Protected health information (PHI)
Data Ownership Responsibility
The IT department (CIO or IT personnel) should NOT be the data owner: data owners should be individuals from the BUSINESS SIDE who understand the data’s content and can make informed decisions about classification.
Selection of Data Owners
Data owners should be designated within their respective departments based on their knowledge of the data and its significance within the organisation.
Note: Proper data ownership is essential for maintaining data security, compliance, and effective data management within an organization. Different roles contribute to safeguarding and managing data appropriately.