CISSP® Official Study Guide Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Business/Mission Owners
The business/mission owner role is viewed differently in different organizations. NIST SP
800-18 refers to the business/mission owner as a program manager or an information system
owner. As such, the responsibilities of the business/mission owner can overlap with the
responsibilities of the system owner or be the same role.

Business owners might own processes that use systems managed by other entities. As
an example, the sales department could be the business owner but the IT department and
the software development department could be the system owners for systems used in sales
processes. Imagine that the sales department focuses on online sales using an e-commerce
website and the website accesses a back-end database server. As in the previous example,
the IT department manages the web server as its system owner, and the software
development department manages the database server as its system owner. Even though the sales
department doesn’t own these systems, it does own the business processes that generate
sales using these systems.

In businesses, business owners are responsible for ensuring that systems provide value to
the organization. This sounds obvious. However, IT departments sometimes become
overzealous and implement security controls without considering the impact on the business or
its mission.

A potential area of conflict in many businesses is the comparison between cost centers
and profit centers. The IT department doesn’t generate revenue. Instead, it is a cost center
generating costs. In contrast, the business side generates revenue as a profit center. Costs
generated by the IT department eat up profits generated by the business side. Additionally,
many of the security controls implemented by the IT department reduce usability of
systems in the interest of security. If you put these together, you can see that the business side
sometimes views the IT department as spending money, reducing profits, and making it
more difficult for the business to generate profits.

Organizations often implement IT governance methods such as Control Objectives for 
Information and Related Technology (COBIT). These methods help business owners and 
mission owners balance security control requirements with business or mission needs.
