Manage

How would you define the responsibilities of a data custodian in a bank?

Data security is incredibly important for financial institutions, and it's the data custodian's job to make sure that data is safe. Security management expert Mike Rothman explains more.

Mike Rothman, Securosis

How would you define the roles and responsibilities of a data custodian in a bank? We are trying to form such a group, and we have a single person from each department taking on the responsibilities of data classification.

Data is the lifeblood of any financial institution. Not only is customer data heavily regulated, but analyzing the data and figuring out how to monetize it is one of the critical success factors for banks as the business continues to get more and more competitive.

The data custodian function assumes responsibility to build a policy to govern access to the data of the organization....

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

This person or group takes a focused "inside-out" view of data access. In other words, they should start with the data and then determine who should be allowed to access it. And "who" is kind of a misnomer. We are not only dealing with people, but also applications and business processes. Firm access rules must be established and kept current as new types of data are gathered.

In ideal circumstances, the data custodian function needs to be managed by a cross-functional team because resources from all business units need access to the organization's data, and it's almost impossible to accurately reflect that access without having someone on the "inside" of those functions on the team to ensure their requirements are met.

Thus, someone within the security or risk team tends to chair the group, but representatives from all across the organization contribute to ensuring the rules reflect how they need to access and consume the data.

More information:

Read about the security of online banking.
How secure is the information submitted to a website? Learn how to test.

This was last published in February 2008

Dig Deeper on Information security certifications, training and jobs

Identity custodians needed in digital era Digital identity systems will fail if they do not take humans into account, warns identity innovator, suggesting that a ‘digital guardian’ could help overcome most of these challenges

What is the best structure for data governance programs? The optimal approach to a data governance framework includes a program team, a data governance council and stewards. Expert Anne Marie Smith explains what role each group plays.

Security Think Tank: Integrity of business data key to cyber defence What types of organisation are likely to be targeted by data integrity breaches and how best can they detect and mitigate against such attacks?

Security Think Tank: Data integrity attack could happen to any company What type of organisations are likely to be targeted by data integrity breaches and how best can they detect and mitigate against such attacks?

Security Think Tank: Data custodians likely to be top targets of integrity attacks What types of organisation are likely to be targeted by data integrity breaches and how best can they detect and mitigate against such attacks?

Webcast: Five data management strategies to lower e-discovery costs In the concluding segment of our webcast, data governance expert Jeffrey Ritter discusses data management strategies to reduce e-discovery spending.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

3 networking startups rearchitect routing

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

The technological evolution of IT industry leaders: 2000 - 2020

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Dig Deeper on Information security certifications, training and jobs

Related Q&A from Mike Rothman

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.