Asset owner
Definition
The person or role accountable for ensuring an asset is appropriately classified, protected, and reviewed. The owner is typically a business manager whose process depends on the asset, not the IT team. Owners accept residual risk after controls are applied. Custodians (usually IT or security) implement the controls the owner requires.
Related terms
- Asset inventory (asset register)
- A structured record listing every information asset in scope, together with its owner, custodian, physical or logical location, classification level, criticality rating,...
- Classification tier
- A label assigned to an asset or data type indicating its sensitivity and the handling rules that apply. Common tiers are Public,...
- Information asset
- Anything that has value to the organisation by virtue of the information it contains or the information function it performs. Includes data,...
- Threat
- A potential cause of an unwanted incident that could harm an asset. Threats may be natural (flood, fire), environmental (power failure), human...
- Vulnerability
- A weakness in an asset or in a control protecting that asset, which a threat could exploit to cause harm. Examples: an...
Explained in
- Risk Identification and Asset ClassificationThe person or role accountable for ensuring an asset is appropriately classified, protected, and reviewed. The owner is typically a business manager whose proc...