The IT Law Wiki

Information owner

Definitions

Computer security

An information owner is an

[o]fficial with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.[1]
organizational official with statutory, management, or operational authority for specified information and is responsible for establishing the policies and procedures governing the generation, collection, processing, dissemination, and disposal of specified information. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information (e.g., rules of behavior) and retains that responsibility when the information is shared with or provided to other organizations. The owner of the information processed, stored, or transmitted by information technology (IT) and industrial control system (ICS) may or may not be the same as the IT and ICS owner. Information owners provide input to IT and ICS owners about the cybersecurity requirements and controls for the systems where the information is processed, stored, or transmitted.[2]

FISMA

Under the Federal Information Security Management Act of 2002, an information owner is

an agency official with statutory or operational authority for specified information and responsibility for establishing the criteria for its creation, collection, processing, dissemination, or disposal, which responsibilities may extend to interconnected systems or groups of interconnected systems.[3]

General

An information owner is an

[o]fficial with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.[4]
entity whose information is stored and/or processed on a device; can be an application-specific provider, a digital provider, or an enterprise that allows access to resources from mobile devices.[5]

References

  1. CNSSI 4009.
  2. Electricity Subsector Cybersecurity Risk Management Process, App. F, at 73.
  3. 38 U.S.C. §5727(9).
  4. CNSSI 4009.
  5. National Security Agency, "Mobility Capability Package," at D-5 (Nov. 4, 2013) (full-text).
