The data custodian function assumes responsibility to build a policy to govern access to the data of the organization....
This person or group takes a focused "inside-out" view of data access. In other words, they should start with the data and then determine who should be allowed to access it. And "who" is kind of a misnomer. We are not only dealing with people, but also applications and business processes. Firm access rules must be established and kept current as new types of data are gathered.
In ideal circumstances, the data custodian function should be managed by a cross-functional team. Resources from all business units need access to the organization's data, and it's almost impossible to accurately reflect that access without having someone from the "inside" of each of those functions on the team to ensure their requirements are met.
Thus, someone within the security or risk team tends to chair the group, but representatives from all across the organization contribute to ensuring the rules reflect how they need to access and consume the data.