Last week, we studied how the CISO is placed in the organization. In this post, we will look at the other security roles and their responsibilities.


Data Owner

The data owner is usually a manager, and is the person responsible for some specific data, information, or asset. The owner defines the access levels for the information, the clearance required to access it, and the procedures and guidelines for that specific asset, such as when to take backups, how to take them, and how to restore them.

Data Custodian

The data custodian actually performs the functions determined by the owner; the custodian is a delegate of the data owner. For example, if the owner schedules a backup, the custodian is the person who actually performs it. So this is the person who does the day-to-day work.

Information Security Auditor

The auditor is the person who determines whether all the other people (custodians, owners and other users) and even our systems and assets are in compliance with our policies, procedures, laws, standards, etc. Auditors generally examine systems, people and processes and produce a report so that we can act on the findings. You should note that an auditor can also be an independent auditor who does not belong to the organization in any way and is simply hired to audit things when needed.


IT Professionals

They are generally responsible for designing the security controls into information systems.

InfoSec Professionals

They are responsible for drafting, implementing, maintaining, managing and improving the guidelines, procedures, policies, baselines, etc.

Security Administrator

The security administrator manages the access required by anyone, i.e. the access privileges: granting access to people, revoking it, transferring it, etc.

Network / System Administrator

They are the people who, most of the time, configure and maintain the network and systems, making sure they work properly, performing security checks and applying security patches, etc.

Service Desk or Help Desk Monitors

They receive all the problems, questions, etc. and record them in a database or open tickets. This is an important role because whenever someone faces a problem, they first report it to the service desk.

The service desk may escalate the issue to the security team, which in turn may send someone from the incident response team.

IR Team

When something goes wrong, the service desk receives the information and reports it to the Incident Response Team. This team examines what the problem is and how to fix it. If they find something wrong, further investigation is started. Their major task is to fight against incidents and help recover as soon as possible.

This article is a part of my Last Week CISSP series.