PRESENTED BY:-

19/01/14

IS6120

Data privacy & data governance
ALL ABOUT HOW TO ENABLE THE SECURITY OF YOUR DATA & GOVERN IT IN A BETTER WAY

Published in: Technology, News & Politics
  • Secure information
    o Safeguard against malware and intrusions
    o Protect systems from evolving threats
    Identity and access control
    o Protect sensitive data from unauthorized access or use
    o Provide management controls for identity, access, and provisioning
    Information protection
    o Protect sensitive data in structured databases
    o Protect sensitive data in unstructured documents, messages, and records
    o Automate data classification
    o Protect data in motion
    Auditing and Reporting
    o Monitor to verify integrity of systems and data
    o Monitor to verify compliance with policies
    Organizations can use technologies for systems monitoring and compliance controls. Such technologies verify that system and data access controls are operating effectively and assist in identifying suspicious or noncompliant activity. They can also help ease the systems administration burden and reduce troubleshooting planning. Capabilities include:
    o Harmonizing compliance requirements across IT processes
    o Selecting activities that enable automation of data governance compliance and produce proof of that compliance
    o Detecting and reporting on misplaced data by performing routine sweeps using automatic file classification
  • Diagramming
    Multiple techniques can be used for diagramming. Microsoft product teams and our consulting services organization typically use data flow diagrams (DFDs) with the addition of “trust boundaries.” A trust boundary is a border that separates business entities and/or IT infrastructure realms, such as networks or administrative domains. Every time confidential data crosses a trust boundary, basic assumptions about security, policies, processes, and practices—or all of these combined—might change, and with them the threats that will be identified in the next step.
    Threat Enumeration
    Once the diagram is ready and all trust boundaries have been identified, the next step is enumerating potential threats against privacy and confidentiality using the four data privacy and confidentiality principles and identifying threats that might affect the integrity of each one. Here are the four principles, each followed by examples of threat types:
    Principle 1: Honor policies throughout the confidential data lifespan
    Choice and consent (collection, use, and disclosure)
    o Inadequate notice of data collection, use, disclosure, and redress policies.
    o Unclear or misleading language or processes for the user to follow in choosing and providing consent for the collection and use of personal information.
    Individual access and correction
    o Limited or nonexistent means for users to verify the correctness of their personal information.
    Accountability
    o Lack of necessary controls to enforce customer choice and consent, as well as other relevant policies, laws, and regulations, including data classification.
    Principle 2: Minimize risk of unauthorized access or misuse of confidential data
    Information protection
    o Lack of reasonable administrative, technical, and physical safeguards to ensure confidentiality, integrity, and availability of data.
    o Unauthorized or inappropriate access to data.
    Data quality
    o Lack of means to verify accuracy, timeliness, and relevance of data.
    o Lack of means for users to make corrections as appropriate.
    Principle 3: Minimize impact of confidential data loss
    Information protection
    o Insufficient safeguards (i.e., strong encryption) to ensure confidentiality of data if it is lost or stolen.
    Accountability
    o Lack of a data breach response plan and an escalation path.
    o System does not encrypt all confidential data.
    o Adherence to data protection principles cannot be verified through appropriate monitoring, auditing, and use of controls.
    Principle 4: Document applicable controls and demonstrate their effectiveness
    Accountability
    o Plans, controls, processes, or system configurations are not properly documented.
    Compliance
    o Compliance cannot be verified or demonstrated through existing logs, reports, and controls.
    o Lack of a clear noncompliance escalation path and process.
    o Lack of a breach notification plan. Lack of other response plans that are required by law.
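
    The diagramming and threat enumeration steps above can be run as a check over a data flow inventory. The following is an added example, not part of the original slides: the elements, zones and flow attributes are constructed, and the threat wording is abbreviated from the notes above.

```python
from dataclasses import dataclass

# Constructed sample diagram: element -> trust zone (all names hypothetical).
ZONES = {"web_form": "internet", "crm_db": "corp_lan",
         "billing_api": "corp_lan", "mail_vendor": "third_party"}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    confidential: bool  # flow carries confidential data
    consent: bool       # user choice/consent is recorded for this use
    access_ctl: bool    # receiver enforces access control on the data
    encrypted: bool     # data is encrypted on this flow
    logged: bool        # transfer shows up in audit logs or reports

# Constructed data flows between the elements above.
FLOWS = [
    Flow("web_form", "crm_db", True, True, True, True, True),
    Flow("crm_db", "billing_api", True, True, True, False, True),   # same zone
    Flow("crm_db", "mail_vendor", True, False, True, False, False),
    Flow("web_form", "mail_vendor", False, False, False, False, False),
]

# (attribute that must hold, principle number, threat type from the notes)
CHECKS = [
    ("consent", 1, "Lack of controls to enforce customer choice and consent"),
    ("access_ctl", 2, "Unauthorized or inappropriate access to data"),
    ("encrypted", 3, "System does not encrypt all confidential data"),
    ("logged", 4, "Compliance cannot be verified through existing logs"),
]

def crosses_boundary(flow, zones=ZONES):
    """A flow crosses a trust boundary when its endpoints sit in different zones."""
    return zones[flow.src] != zones[flow.dst]

def enumerate_threats(flows, zones=ZONES):
    """Map each confidential boundary crossing to its candidate (principle, threat) pairs."""
    findings = {}
    for f in flows:
        if f.confidential and crosses_boundary(f, zones):
            findings[(f.src, f.dst)] = [(p, t) for attr, p, t in CHECKS
                                        if not getattr(f, attr)]
    return findings

if __name__ == "__main__":
    for (src, dst), threats in enumerate_threats(FLOWS).items():
        print(f"{src} -> {dst}: {len(threats)} candidate threat(s)")
        for principle, threat in threats:
            print(f"  Principle {principle}: {threat}")
```

    Flows that stay inside one zone or carry no confidential data are skipped, which matches the notes' point that the assumptions change when confidential data crosses a trust boundary.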
  • Data privacy & data governance

    1. PRESENTED BY:- 19/01/14 IS6120
    2. Characteristics of Data Governance
    3. Components: Data Governance for the purpose of using data as an asset driving strategic objectives.
    4. 4 pillars of data privacy
    5. Data Privacy Risk Management Process
    6. DLP (Data Loss Prevention) Software: Data loss/leak prevention solutions are designed to detect potential data breach incidents in a timely manner and prevent them by monitoring data while in-use, in-motion and at-rest. A data leakage incident is when sensitive data is disclosed to unauthorized personnel by malicious intent or human mistake. [Diagram labels: DLP Suite, Internet]
    7. ABSENCE OF DATA PRIVACY & DATA GOVERNANCE LEADS TO
       o IDENTITY THEFT
       o PERSONAL SAFETY DESTROYED
       o LIVES ADVERSELY AFFECTED
       o INTEGRITY IS COMPROMISED
       o DATA CAN BE USED FOR MALICIOUS PURPOSE
       Two Sides Of Coin
    8. Steps for Success
       o Step 1: Get a governor and the right people in place to PREVENT & GOVERN our data
       o Step 2: Survey your situation
       o Step 3: Develop a data-privacy & governance strategy
       o Step 4: Calculate the value of your data
       o Step 5: Calculate the probability of risk
       o Step 6: Monitor the efficiency of your controls