  1. Junior Member Registered Member
    Join Date
    Oct 2017

    Security professional VS Data custodian

    Can't clearly understand the difference between the Security professional role and the Data custodian.

    According to the official guide: ...The security professional has the functional responsibility for security, including writing the security policy and implementing it.... while the custodian is ...responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management...

    Don't these two definitions intersect each other?

  2. Senior Member
    Join Date
    May 2013

    Cisco (3), CompTIA (2), EC-Council (2), GIAC (3), ISACA (1), ISC2 (1)
    As far as the CISSP CBK is concerned, a security professional usually isn’t the one, for example, configuring a GPO...that person could be considered a data custodian...and the security professional VALIDATES the controls are configured and in place.

    Another example: a security pro makes a policy saying we will use encryption on the network; the data custodian could be the one who configures it.

    Depending on the size of the organization, the roles could overlap, but generally the CBK is assuming your organization is large enough to have separation of duties.