Ver:
· Datos
· Custodio
· Responsable de la información
Persona
responsable de la integridad, confidencialidad y disponibilidad de una cierta
información. Debe tener autoridad para especificar y exigir las medidas de
seguridad necesarias para cumplir con sus responsabilidades, pudiendo delegar
los aspectos operacionales en responsables de seguridad.
Persona
física, jurídica de naturaleza pública o privada y órgano administrativo que
decida sobre la finalidad, contenido y uso del tratamiento.
LEY ORGÁNICA
15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal.
Ley Orgánica
5/1992, de 29 de octubre, de Regulación del Tratamiento Automatizado de los
Datos de Carácter Personal. (Vigente hasta el 14 de enero de 2000)
(N) The
organization that has the final statutory and operational authority for specified
information. [RFC4949:2007]
Individuos,
por lo general gerentes o directores, que tienen la responsabilidad de la
integridad, el uso y el reporte preciso de los datos computarizados.
[COBIT:2006]
Individuals,
normally managers or directors, who have responsibility for the integrity,
accurate reporting and use of computarised data. [COBIT:2006]
The authoritative
head of the respective college, school, or unit. The owner is responsible for
the function that is supported by the resource or for carrying out the program
that uses the resources. The owner of a collection of information is the person
responsible for the business results of that system or the business use of the
information. Where appropriate, ownership may be shared by managers of
different departments. The owner or his designated representatives are
responsible for and authorized to:
·
Approve
access and formally assign custody of an information resources asset.
· Determine the asset's value.
·
Specify
and establish data control requirements that provide security, and convey them
to users and custodians.
·
Specify
appropriate controls, based on risk assessment, to protect the state's
information resources from unauthorized modification, deletion, or disclosure.
Controls shall extend to information resources outsourced by the university.
·
Confirm
that controls are in place to ensure the accuracy, authenticity, and integrity
of data.
·
Confirm
compliance with applicable controls.
·
Assign
custody of information resources assets and provide appropriate authority to
implement security controls and procedures.
·
Review
access lists based on documented security risk management decisions.
http://www.utexas.edu/its/policies/glossary.html
A Data Owner is
the entity having responsibility and authority for the data.
http://www.sans.org/security-resources/glossary-of-terms/
Temas relacionados