This material was developed with funding from the National Science Foundation.
This work is licensed with a Creative Commons Attribution 4.0 International License.
Information security operations is responsible for monitoring, detecting, investigating, and responding to cyberthreats. Data governance (also called data intelligence) consists of processes and tasks that staff perform within the organization. There are several distinct roles in the Information Security Management process to ensure that individuals and management clearly define and understand critical responsibilities in managing the organization’s information assets.
Creates accountability and ensures that data will be continuously monitored for compliance
Focuses on defining policies (like retention or access policies) and standards that ensure alignment with compliance, legal, or contractual requirements
Helps to gain the trust of customers, partners, and management
As organizations strive to put the appropriate governance framework in place, redundancies are eliminated with a clear understanding of data ownership.
The data owner in an organization has the legal right and ability to create, change, restrict, or share any piece or set of data. This is also the individual with rights and responsibilities for that data.
What is Data Ownership?
The explicit assignment of owners to every data asset or system in the organization.
Who can be a Data Owner?
Individuals or teams who make decisions such as how the data is used, who has the right to access it, and who can edit it.
Who Owns the Data?
An organization owns the data it possesses, collects, builds, or manages. However, the question of ownership may involve legal, contractual, or compliance considerations.
Registrar and student data
Treasurer and financial data
Vice President of Human Resources and employee data
Information Technology department team members
Application Development team members
Implements business rules
Safely stores, transports, and archives the organization’s data assets
The data custodian has technical control over an information asset.
System Administrators
System Engineers
Information Technology Specialists
Data Processing Specialist
Account Clerks
Human Resource Specialists
Medical Records/Healthcare Coordinator
Service provider acting on behalf of the organization
An employee or a third party that the data controller chooses to process the data. Processors act on behalf of the relevant controller and under his or her authority.
The data processor oversees the data assets of individuals or of the organization throughout the four main stages of the data processing cycle: collection, input, processing, and output.
The design, creation, and implementation of data assets and systems that enable the organization to collect, update, process, maintain, and delete data assets. Data Processors do not have any responsibility or control over that data asset.
Ensures the quality of the data supports the organization’s goals and objectives
Collects, collates, and evaluates issues and problems with data
The Data Steward maintains data control in data governance and mastering data management initiatives on a day-to-day basis. This includes collecting, collating, and evaluating issues and problems with data.
Data Processing Specialist
Account Clerks
Human Resource Specialist
Medical Records/Healthcare Coordinator
A service provider acting on behalf of the organization to process data assets
Utilizes an organization's data governance processes, policies, guidelines and responsibilities for administering an organization's entire data in compliance with policy and/or regulatory obligations.
Protects the privacy and rights of the data’s subject
Dictates how the data will be used by the organization
A bank (data controller) hires an IT services company (data processor) to store archived data. The bank still controls how and why the data is used and determines its retention period.
A brewery contracts a payroll company to pay employee wages. The brewery (data controller) determines when wages are paid, when raises are given, or when an employee is terminated. The payroll company is the data processor.
Data deletion request
Familiar with regulations and compliance laws
Knowledge of contractual requirements
A data subject is any individual who can be pinpointed, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.