Organizational Roles and Responsibilities
Security role
Part an individual plays in the overall scheme of security implementation and administration within an organization
Security Roles
Senior Manager
Assigned to the person who is ultimately responsible for the security maintained by an organization
Most concerned about the protection of the organization's assets
Must sign off on all policy issues
They will be the ones held liable for the overall success or failure of a security solution
Responsible for exercising due care and due diligence in establishing security for an organization
They rarely implement security solutions
Security Professional
Assigned to a trained and experienced network, systems and security engineer
Responsible for following the directives mandated by senior management
Has functional responsibility for security, including writing and implementing the security policy
They do not make decisions; that is the job of the senior manager
Data Owner
Assigned to the person who is responsible for classifying information for placement and protection within the security solution
Often a high-level manager who is ultimately responsible for data protection
Data Custodian
Assigned to the user who is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management
Performs all activities needed to provide adequate protection for the CIA triad
Performing and testing backups
Validating data integrity
Deploying security solutions
Managing data storage based on classification
User
Any person who has access to the secure system
Access is limited to what is necessary to perform the tasks of their job position (principle of least privilege, PoLP)
Responsible for understanding and upholding the security policy of an organization
Auditor
Responsible for reviewing and verifying that the security policy is properly implemented and the derived security solutions are adequate
Produces compliance and effectiveness reports that are reviewed by the senior manager