The IT Law Wiki
Latest revision as of 00:39, 4 August 2020

Definitions

Computer security

An information owner is an

[o]fficial with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.[1]
organizational official with statutory, management, or operational authority for specified information and is responsible for establishing the policies and procedures governing the generation, collection, processing, dissemination, and disposal of specified information. In information-sharing environments, the information owner is responsible for establishing the rules for appropriate use and protection of the subject information (e.g., rules of behavior) and retains that responsibility when the information is shared with or provided to other organizations. The owner of the information processed, stored, or transmitted by information technology (IT) and industrial control system (ICS) may or may not be the same as the IT and ICS owner. Information owners provide input to IT and ICS owners about the cybersecurity requirements and controls for the systems where the information is processed, stored, or transmitted.[2]

FISMA

Under the Federal Information Security Management Act of 2002, an information owner is

an agency official with statutory or operational authority for specified information and responsibility for establishing the criteria for its creation, collection, processing, dissemination, or disposal, which responsibilities may extend to interconnected systems or groups of interconnected systems.[3]

General

An information owner is an

[o]fficial with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal.[4]
entity whose information is stored and/or processed on a device; can be an application-specific provider, a digital provider, or an enterprise that allows access to resources from mobile devices.[5]

References

  1. CNSSI 4009.
  2. Electricity Subsector Cybersecurity Risk Management Process, App. F, at 73.
  3. 38 U.S.C. §5727(9).
  4. CNSSI 4009.
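  5. National Security Agency, "Mobility Capability Package," at D-5 (Nov. 4, 2013) (full-text: https://web.archive.org/web/20140630030045/https://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_Vers_2_3.pdf).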