Up One Level


Information Owner

 

The person who creates, or initiates the creation or storage of the information, is the initial owner. In an organisation, possibly with divisions, departments and sections, the owner becomes the unit itself with the person responsible, being the designated 'head' of that unit.

The Information owner is responsible for ensuring that :-

  • An agreed classification hierarchy is agreed and that this is appropriate for the types of information processed for that business / unit.
  • Classify all information stored into the agreed types and create an inventory (listing) of each type.
  • For each document or file within each of the classification categories, append its agreed (confidentiality) classification. Its availability should be determined by the respective classification.
  • Ensure that, for each classification type, the appropriate level of information security safeguards are available e.g. the logon controls and access permissions applied by the Information Custodian provide the required levels of confidentiality.
  • Periodically, check to ensure that information continues to be classified appropriately and that the safeguards remain valid and operative.


*** The Information Security Glossary ***
Previous PageTop of this pageNext Page



Buy Now:

 

This Glossary forms part of the RUsecure Security Policy Suite... visit RUsecure Security Policy World
Use of the guidance contained within RUsecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word
 Risk Associates: Resources for Security Risk Analysis, ISO 17799 / BS7799, Security Policies and Security Audit