Data security is a complex problem and many different people throughout the organization play a role in data security. In this video, you will learn how to determine and maintain data ownership and the role of data owners, data stewards, data custodians, system owners, and business/mission owners in the information security process. You will also learn about the responsibilities that data owners and processors have regarding information privacy.
- [Instructor] Data security is a complex problem…and many different people throughout the organization…play a role in protecting information.…Let's take a look at some of the concepts…surrounding data ownership and data stewardship.…Data governance in many organizations…follows a three tiered model of roles.…At the highest level the data owner…for a particular data set is a senior level official…who bears overall responsibility for that data.…The data owner sets policies and guidelines…around data use and data security…and has the authority to make final decisions…regarding a data set.…
Data owners are usually the business leaders…who have responsibility for the mission area…most closely related to the data set.…For example, an organization's vice president…for human resources might be the data owner…for employment information.…Practically speaking, most individuals who…are senior enough to hold the position…of data owner do not have the time available…to get involved in the nitty gritty decisions…of data governance.…
Members who take all eight courses in the series will be prepared to take and pass the CISSP exam. Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding data security policies and roles
- Limiting data collection
- Developing security baselines
- Leveraging industry standards
- Restricting access to data with Windows and Linux file permissions
- Encrypting data
- Securing cloud storage