Management should ensure that all information assets (data and systems) have an appointed owner who makes decisions about classification and access rights. System owners typically delegate day-to-day custodianship to the system delivery/operations group and security responsibilities to a security administrator. Owners, however, remain accountable for the maintenance of appropriate security measures.