• Recent
  • Tags
  • Popular
  • Search
Skins
  • Light
  • Default
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Quartz
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Slate
  • Solar
  • Superhero
  • Vapor
Collapse

CISSP Course - Episode "Security Governance Principles"

Scheduled Pinned Locked Moved Security
3 Posts 2 Posters 126 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Offline
    A Offline
    Anthony Andred
    wrote on last edited by
    #1

    The lecturer outlined definitions related to Data Owner, Data Custodian, System Owner, etc, etc.
    A "Data Steward" was not included in the list.

    Where would a Data Steward fit in the context of the list outlined in the lecture episode?

    Thanks!

    1 Reply Last reply
  • R Offline
    R Offline
    Robin Abernathy
    wrote on last edited by
    #2

    Hi, Anthony! A data steward is a relatively new role. In my research, I have even found conflicting resources on the proper definition of this role. The traditional dictionary definition of the word steward is "one who actively directs affairs or supervises something." Going with this traditional definition, I tend to lean toward a data steward as the person who is in charge of the quality of a certain dataset. Keep in mind, if I go with this definition, then different data stewards will be needed for different datasets. While the data custodian takes care of the data (assigns user permission based on the data owner's request, manages the data backups, etc), the data steward ensures that the data quality is maintained.

    Now with that said, I feel I must also refer you to some other references for your review.

    https://cissprep.net/data-ownership/ This reference says that data stewards are any user that uses the data on a regular basis. While I kind of see the point here, I do not think that this is actually true. While I think all users that have access to a dataset must be good stewards, I do not think they would be assigned the data steward role as many users are given read-only access to data or a limited ability to edit the data.

    https://www.cpomagazine.com/cyber-security/data-owners-vs-data-stewards-vs-data-custodians-the-3-types-of-data-masters-and-why-you-should-employ-them/ - I tend to agree more with this articles definition of data stewards and the distinctions it gives between data owner, data steward, and data custodian.

    https://www.castordoc.com/data-strategy/understanding-data-stewardship - This article takes the data steward a bit further than the CPO Magazine link. While I do not totally disagree with this article, I do see a bit of blurring the steward description provided here and the data custodian role.

    The thing I would like to stress is that the data steward is all about dataset quality. Keep in mind that each organization will carefully define their data roles, and while there may be some overlap of tasks, each role needs to work together.

    Thanks for bringing this role omission to our attention. Rest assured I have made note of this and will try to work it into the content at a later date.

    Happy studying!!

    ~Robin Abernathy

    1 Reply Last reply
  • A Offline
    A Offline
    Anthony Andred
    wrote on last edited by
    #3

    Wow! What a comprehensive response! Thank you so much, Robin. Very helpful!

    1 Reply Last reply

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Recent
  • Tags
  • Popular
  • Search
  • Login
  • Don't have an account? Register
  • Login or register to search.