Security Roles and Responsibilities In Security Governance
A security role is the part an individual plays in the overall implementation and administration of security in an organization. This tutorial covers the different security roles and responsibilities in an organization.
The Senior Manager is responsible for all organization security. The Senior Manager has the following roles and responsibilities:
- Sign off all policy issues
- Endorse security policy
- Sole responsibility for security failure or success
- Tracking security solutions
Security Professionals are the workhorses of security in an organization. Implementation mainly relies on Security Professionals. Security Professionals may have the following roles and responsibilities:
- Have functional responsibility of security
- Writing security policies
- Implementing security policies
- Designing security solutions
The Data Owner is the role that actually owns the corporate data in an organization. This is generally an upper-level manager who is responsible for the given operations. However, managers generally do not manage operations themselves, so they delegate this responsibility to the Data Custodian.
The Data Custodian role is responsible for implementing the protection measures prescribed by security policy and senior management. The Data Custodian generally receives this delegation from upper-level managers.
The User is the consumer of services and data, with little or no privileges. Users should comply with the security protections and standards provided by the organization.
The Auditor is the role that reviews and verifies security policy implementation and operations. An Auditor should have some related or special training for the part he audits. Auditors generally provide reports about their audits to the managers.