Guiding Principles
2 roles specific to information risk management are:-
Roles
Definition
Information Owner
Any employee of Maybank Group who:
• First received the information from an external party or first created the information; and
• Carries the first processing function for the received information.
Information User
Any employee of Maybank Group or an authorised third party who is the subsequent recipient of the information.
This is the flow of information from point of creation to destruction.
Details of the information assets are to be documented and information owner is to maintain a repository of the information types.
The 4 classification level of information assets are as follows:
(a) Highly Confidential (b) Confidential
(c) Restricted (d) Public
Retention period of the information assets is to comply with the legal and regulatory, contractual and commercial requirements.