Page Properties | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
...
(Harris and Maymí, 2019 , p. 240)
The System Owner is a manager responsible for the actual computers that house data. This includes the hardware and software configuration, including updates, patching, etc. They ensure the hardware is physically secure, operating systems are patched and up to date, the system is hardened, etc. Technical hands-on responsibilities are delegated to Custodians, discussed next.
(Conrad et al., 2016, p. 85)
Application owner — Manager of the business unit who is fully accountable for the performance of the business function served by the application. Responsibilities include the following:
— Establish user access criteria and availability requirements for their applications
— Ensure the security controls associated with the application are commensurate with support for the highest level of information classification used by the application
— Perform or delegate the following:
- Day-to-day security administration
- Approval of exception access requests
- Appropriate actions on security violations when notified by security administration
- The review and approval of all changes to the application prior to being placed into the production environment
- Verification of the currency of user access rights to the application
...