System Owner (Dictionary Entry)

Quotes

The system owner is responsible for one or more systems, each of which may hold and process data owned by different data owners. A system owner is responsible for integrating security considerations into application and system purchasing decisions and development projects. The system owner is responsible for ensuring that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on. This role must ensure the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.

The System Owner is a manager responsible for the actual computers that house data. This includes the hardware and software configuration, including updates, patching, etc. They ensure the hardware is physically secure, operating systems are patched and up to date, the system is hardened, etc. Technical hands-on responsibilities are delegated to Custodians, discussed next.

Application owner — Manager of the business unit who is fully accountable for the performance of the business function served by the application. Responsibilities include the following:
— Establish user access criteria and availability requirements for their applications
— Ensure the security controls associated with the application are commensurate with support for the highest level of information classification used by the application
— Perform or delegate the following:
- Day-to-day security administration
- Approval of exception access requests
- Appropriate actions on security violations when notified by security administration
- The review and approval of all changes to the application prior to being placed into the production environment
- Verification of the currency of user access rights to the application

Bibliography

See Also