
	Home > Ask the Security Experts > Security Management Questions & Answers > How would you define the responsibilities of a data custodian in a bank?

Ask The Security Expert: Questions & Answers

EMAIL THIS

How would you define the responsibilities of a data custodian in a bank?

EXPERT RESPONSE FROM: Mike Rothman

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 27 February 2008
How would you define the roles and responsibilities of a data custodian in a bank? We are trying to form such a group, and we have a single person from each department taking on the responsibilities of data classification.

EXPERT RESPONSE
Data is the lifeblood of any financial institution. Not only is customer data heavily regulated, but analyzing the data and figuring out how to monetize it is one of the critical success factors for banks as the business continues to get more and more competitive.

The data custodian function assumes responsibility to build a policy to govern access to the data of the organization. This person or group takes a focused "inside-out" view of data access. In other words, they should start with the data and then determine who should be allowed to access it. And "who" is kind of a misnomer. We are not only dealing with people, but also applications and business processes. Firm access rules must be established and kept current as new types of data are gathered.

In ideal circumstances, the data custodian function needs to be managed by a cross-functional team because resources from all business units need access to the organization's data, and it's almost impossible to accurately reflect that access without having someone on the "inside" of those functions on the team to ensure their requirements are met.

Thus, someone within the security or risk team tends to chair the group, but representatives from all across the organization contribute to ensuring the rules reflect how they need to access and consume the data.

More information:

Read about the security of online banking.
How secure is the information submitted to a website? Learn how to test.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Management
	What is the GISP certification and how does it compare to the CISSP certification?
	Would QSAs normally write up a PCI DSS report on compliance (ROC) and submit it to all issuing card brands?
	How can gap analysis be applied to the security system development life cycle?
	When should an enterprise consider low-cost security appliances vs. a bigger do-everything appliance?
	What are some tips on protecting my security budget in a tight economy?
	What value do research firms provide to enterprises that subscribe to their services?
	What certificate offers the best ROI for an IT project manager?
	Which is the biggest threat to data: Insider activity or outsider activity?
	What role does information security play in enterprise fraud-prevention activities?
	What is the difference between an SAS 70 data center and a Tier III data center?

Information Security Jobs

Security Squad: Security pros face troubles

What is the GISP certification and how does it compare to the CISSP certification?

Security certifications

Certification still pays for CISSPs, CISMs

What certificate offers the best ROI for an IT project manager?

Security Certifications' Ethics Programs Merely Window-Dressing

Security certifications: Are they worth the trouble?

How can a Certified Ethical Hacker become a line penetration tester?

CISOs adapt as compliance requires strategic thinking

Any recommendations for recruiting information security pros?

Data Privacy

IRS faulted for lax security controls, dangerous data risks

Learning the language of global compliance

PCI is about eliminating data, not securing it, former QSA says

Google amends log retention rules, privacy advocates respond

Security of customer data, IP sustains security budgets

Product Review: Workshare Protect Premium 6.0

Data breach discovery, disclosure outpaces 2007

PCI groups to focus on wireless, pre-authorization changes

PCI DSS 1.2 clarifies wireless, antivirus use

Architect Security and Compliance Programs to Be Complementary

Data Privacy Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

CSO (SearchSecurity.com)

security clearance (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy