Use, Ownership and Control are at the heart of Cybersecurity
Ignore them at your peril
The best way to protect information is to understand the expectations that users have of it, and the first question we need to address is: who is in the best position to tell us what the organization's cybersecurity requirements are? I think the best way to find out is to identify the owners, users and administrators of the information. Let's go over the definitions:
a) Ownership is defined as having legal rights and duties over something.
b) Control is defined as having the ability to:
- Grant or deny access to users.
- Attribute to specific users their use of information.
c) Use is defined as having access to read, write or modify information.
As you can see in the following table, how we go about protecting each type of information will be very different, even before getting the full details of the security requirements from the owners.
I am still surprised about how infrequent this type of analysis is…
To learn more
This article is part of a series that starts here: Principles of Evidence Based Cybersecurity Management