Security professional VS Data custodian

piedwebpiedweb Registered Users Posts: 1 ■□□□□□□□□□
Can't clearly understand the difference between the Security professional role and the Data custodian.

Due to the official guide: ...The security professional has the functional responsibility for security, including writing the security policy and implementing it.... while custodian ...responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management...

Don't these two definitions intersect each other icon_confused.gif:


  • Options
    TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    As far as the CISSP CBK is concerned, a security professional usually isn’t the one for example configuring a GPO...that person could be considered a data custodian...and the security professional VALIDATES the controls are configured and in place.

    Another example is a security pro makes a policy saying we will use Encryption on the network, the data custodian could be the one who configures it.

    Depending on the size of the organization, the roles could overlap but generally the CBK is assuming your organization is large enough to have separation of duties.
Sign In or Register to comment.