CompTIA Security+ SY0-701 5.1 Study Guide: Data Roles, Policies, and Governance

This study guide provides a comprehensive overview of the fundamental concepts required for the CompTIA Security+ SY0-701 exam, focusing on organizational security roles, policies, procedures, and standards. 1. Data Roles and Responsibilities Organizations must define who is responsible for data at various stages of its lifecycle to ensure accountability and security. Key Roles Data Owner: Usually a high-level executive (e.g., VP of Sales or Treasurer) who is broadly responsible for a specific data set. They oversee all aspects of the data associated with their role. Data Controller: The entity or department that manages how data will be used. For example, a payroll department acts as a controller by determining how employee information is handled. Data Processor: The entity that actually processes or uses the data based on instructions from the controller. Real-World Comparison: Think of a restaurant. The Data Controller is the customer who decides what meal should be prepared (how th