1.4 DATA STEWARDSHIP



Data Stewardship deals with the classification and ownership of data. The data classification process usually starts with a risk analysis to determine which data are the most critical. The risk analysis is usually performed using the Threat/Vulnerability/Impact trifecta. Threat is the action taken against a system. Vulnerability is the weakness in a system that allows the Threat to occur. Impact is the expected loss should that Threat be realized. By determining which systems are the most vulnerable to threats and will cause the greatest impact to the company, a classification scheme can then be implemented to identify the most critical systems and data. The granularity of the classification scheme used is dependent on the type of organization and the data that it has. Government and financial institutions have a very granular classification scheme that may include as many as five to seven classification categories. Most organizations do not need that granularity and will typically only have two or three categories, which may include:

  • Public: If the confidentiality, integrity or availability of this data were to be compromised, the impact to the company would be minimal or non-existent.

  • Internal-Use Only: If the confidentiality, integrity or availability of this data were to be compromised, the impact to the company would be significant.

  • Confidential: If the confidentiality, integrity or availability of this data were to be compromised, the impact to the company would be devastating.

In addition to properly classifying data, security roles and responsibilities should also be clearly identified. The following roles should be the minimum that are defined; however, other roles may exist depending on the organization:

  • Data Owner: This individual is usually a Senior Manager or Executive. This is the individual who is ultimately responsible for the data and should be the one to make the final decisions regarding classification, access control and management of the data.

  • Data Guardian/Custodian: This individual is usually assigned by the Data Owner and is responsible for the day-to-day management of the data. This includes backing up the data, restoring the data, and maintaining the data in accordance with the policies implemented by the data owner.

  • Data User: This is the individual who uses the data as part of his regular duties and processes.




Securing Linux: A Survival Guide for Linux Security (Version 2.0)
ISBN: 0974372773
EAN: 2147483647
Year: 2002
Pages: 39
