InformationSecurity030

Roles and permissions

Data must be kept, especially for future use and upon regulatory requirements.

Depending on the type of data, regulatory requirements, and appropriate level of protection that must be ensured.

Data disposal is important as it can lead to leak information/data. There must be secure and standardized procedures.

Data can be at rest, in motion or being used . Each stage must be protected.

This is the second level of classification. If leaked it can still cause a significant damage to a nation or a corporation.

If leaked, it can still cause a certain level of damage to a nation or a corporation.

This type of data does not cause damage to a nation, but can affect people or entities. Health Information is a good example.

Data/information yet to be classified or does not need a classification as it does not include any sensitive data.

This is applied mainly to government and military data. If leaks, it can cause grave damage to an entire nation.

Is responsible for the assets that hold the data, the computer hardware, and related technologies. He has to properly maintain these systems to the standards (patching, updating, configuring, etc.)

A custodian is a role responsible for delegated tasks. The person has to perform the hands-on duties such as backing up data, running recovery simulations, apply patches, and configuration.

The general users who are using the systems. This is the weakest link. Therefore, they must be informed and taught about the data and protection specifically. They are responsible for complying with the policies, standards, procedures, etc. If they fail to meet the policies, they have to bear the consequences. The management must educate the users about penalties.

This is usually the management who is responsible for the security of the data they own or manage. They have to classify the data, label the data, and determine the retention, backup, disposal

requirements. The owners do the management operations, not the technical part.

The top-level hierarchy who have the ultimate responsibility to initiate, implement a proper security program, fund the program, and ensure the organization follows.