Determine and Maintain Ownership
In this part of this tutorial, we’ll take a look at maintaining ownership to help you understand the different aspects of determine and maintain ownership. Each individual performs various roles in securing an organization’s assets. One of the important aspects of cyber security is maintaining ownership. Organizations should explicitly define owners and custodians of sensitive assets to avoid any confusion or ambiguity regarding roles, responsibilities, and accountability.
An owner doesn’t legally own the asset assigned to him or her and he / she is normally assigned at an executive or senior-management level within an organization, such as director.
Owner is responsible for safeguarding assigned assets and be held personally liable for negligence in protecting these assets.
Types of Owners
- Business Owners: They are senior managers of an organization who creates the information security program and responsible for ensuring the security of all organizational assets.
- Data Owners or information owners: They Are management employee and determine data sensitivity labels and the frequency of data backup.
- System Owners: They are manager responsible for the particular computer that holds data.
- Custodian: He/ she is in charge of the practical protection of assets such as data. The IT unit usually does this. Relatively much works needs to be done. For example, implementing and maintaining security controls, fulfilling the requirements specified in the company’s security policy, performing regular backups of data, retrieving information from backup media, maintaining activity record and so on it.