Files and data may contain important and valuable information. This important information should be the focus of your security efforts. But who is responsible for ensuring the security of your organization’s information? This question is answered by assigning different layers of responsibility to each piece of important information. Each file, or data element, should have at least three different responsible parties assigned. The three layers of responsibility represent different requirements and actions for each group. The most common layers are data owner, data custodian, and data user. Each layer has specific expectations to support the organization’s security policy.
- Data Owner: The data owner accepts the ultimate responsibility for the protection of the data. The data owner is generally a member of upper management and acts as the representative of the organization in this duty. It is the owner who sets the classification level of the data and delegates the day-to-day responsibility of maintenance to the data custodian. If a security violation occurs, it is the data owner who bears the brunt of any negligence issues.
- Data Custodian: The data owner assigns the data custodian to enforce security policies according to the data classification set by the data owner. The custodian is often a member of the IT department and follows specific procedures to secure and protect assigned data. This includes implementing and maintaining appropriate controls, taking backups, and validating the integrity of the data.
- Data User: Finally, the users of data are the ones who access the data on a day-to-day basis. They are charged with the responsibility of following the security policy as they access data. You would expect to see more formal procedures that address important data, and users are held accountable for their use of data and adherence to these procedures.