I just started studying up for the CISSP and am having trouble understanding a few concepts:
- Data owner
- Data custodian
- System owner
Somewhere I read:
The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information.
The data custodian (information custodian) is responsible for maintaining and protecting the data.
But in the practical world, what exactly is the boundary for these roles? Both seem to be protecting data.
Any real-world example helps.