Term | Definition |
--- | --- |
Board of Directors | Elected by the shareholders to ensure that the organization is run properly; its loyalty should be to the shareholders, not to high-level management |
Senior Officials | Includes the board of directors and senior management; must perform their duties with the care that ordinary, prudent people would exercise in similar circumstances |
Management | Has the ultimate responsibility for preserving and protecting organizational data |
CEO (Chief Executive Officer) | The highest managing officer; reports directly to the shareholders |
CFO (Chief Finance Officer) | Responsible for all financial aspects of an organization |
CIO (Chief Information Officer) | Responsible for all information systems and technology used in the organization; usually reports directly to the CEO or CFO |
CPO (Chief Privacy Officer) | Responsible for private information; usually reports directly to the CIO |
CSO (Chief Security Officer) | Leads any security effort; reports directly to the CEO |
Business unit managers | Provide departmental information to ensure that appropriate controls are in place for departmental data |
Audit committee | Evaluates an organization's financial reporting mechanism to ensure that financial data is accurate |
Data owner | Determines the classification level of the information he owns and protects the data for which he is responsible |
Data Custodian | Implements the information classification and controls after they are determined by the data owner |
System owner | Owns one or more systems and must ensure that the appropriate controls are in place on those systems |
System Administrator | Performs the day-to-day administration of those systems |
Security Administrator | Maintains security devices and software, including firewalls, antivirus software, etc. |
Security Analyst | Analyzes the security needs of the organization and develops the internal information security governance documents, including policies, standards, and guidelines |
Application owner | Determines the personnel who can access an application |
Supervisor | Manages a group of users and any assets owned by a group or department |
User | Any person who accesses data to perform his job duties |
Auditor | Monitors user activities to ensure that the appropriate controls are in place |