2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet181/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   177   178   179   180   181   182   183   184   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Asset Owners 
The asset owner (or system owner) is the person who owns the asset or system that processes 
sensitive data. NIST SP 800-18 outlines the following responsibilities for the system owner: 

Develops a system security plan in coordination with information owners, the system 
administrator, and functional end users 

Maintains the system security plan and ensures that the system is deployed and oper-
ated according to the agreed-upon security requirements 

Ensures that system users and support personnel receive appropriate security training, 
such as instruction on rules of behavior (or an AUP) 

Updates the system security plan whenever a significant change occurs 

Assists in the identification, implementation, and assessment of the common security 
controls

180
Chapter 5 

Protecting Security of Assets
The system owner is typically the same person as the data owner, but it can sometimes 
be someone different, such as a different department head (DH). As an example, consider a 
web server used for e-commerce that interacts with a back-end database server. A software 
development department might perform database development and database administration 
for the database and the database server, but the IT department maintains the web server. 
In this case, the software development DH is the system owner for the database server, and 
the IT DH is the system owner for the web server. However, it’s more common for one per-
son (such as a single department head) to control both servers, and this one person would 
be the system owner for both systems.
The system owner is responsible for ensuring that data processed on the system remains 
secure. This includes identifying the highest level of data that the system processes. The sys-
tem owner then ensures that the system is labeled accurately and that appropriate security 
controls are in place to protect the data. System owners interact with data owners to ensure 
that the data is protected while at rest on the system, in transit between systems, and in use 
by applications operating on the system.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   177   178   179   180   181   182   183   184   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish