Data Security Management
Ahmed Alorage
Objectives:
• 7.1 Introduction
• 7.2 Concepts and Activities
• 7.2.1 Understand Data Security Needs and Regulatory Requirements
• 7.2.1.1 Business Requirements
• 7.2.1.2 Regulatory Requirements
• 7.2.2 Define Data Security Policy
• 7.2.3 Define Data Security Standards
• 7.2.4 Define Data Security Controls and Procedures
• 7.2.5 Manage Users, Passwords, and Group Membership
• 7.2.5.1 Password Standards and Procedures
• 7.2.6 Manage Data Access Views and Permissions
• 7.2.7 Monitor User Authentication and Access Behavior
• 7.2.8 Classify Information Confidentiality
• 7.2.9 Audit Data Security
• 7.3 Data Security in an Outsourced World
7 Data Security Management
• Data Security Management is the fifth data management function in the
data management framework introduced in Chapter 1.
• It is the fourth data management function that interacts with, and is
influenced by, the Data Governance function.
• This chapter defines the Data Security Management function and explains
the concepts and activities involved in it.
7.1 Introduction:
• Data Security Management is the planning, development, and execution of
security policies and procedures to provide proper authentication,
authorization, access, and auditing of data and information assets.
• Effective data security policies and procedures ensure that the right
people can use and update data in the right way, and that all inappropriate
access and update is restricted.
• Understanding and complying with the privacy and confidentiality interests
and needs of all stakeholders is in the best interest of any organization.
• The function should establish judicious governance mechanisms that are easy
enough for all stakeholders to abide by on a daily operational basis.
7.2 Concepts and Activities
• The Goal is to protect information assets in alignment with privacy
and confidentiality regulations and business requirements.
• The sources of data security management requirements are:
• Stakeholder concerns: clients, patients, students, and others whose data
the organization holds.
• Government regulations: protect stakeholder interests. Some restrict
access to information, while others ensure openness, transparency, and
accountability.
• Proprietary business concerns: preserving the competitive advantage
provided by intellectual property and intimate knowledge of customer needs.
• Legitimate access needs: data security implementers must also understand
the legitimate needs for access to data.
7.2 Concepts and Activities
• Data Security requirements and procedures to meet these
requirements can be categorized into four basic groups:
• Authentication: Validate users are who they say they are.
• Authorization: Identify the right individuals and grant
them the right privileges to specific, appropriate views of
data.
• Access: Enable these individuals and their privileges in a
timely manner.
• Audit: Review Security actions and user activity to ensure
compliance with regulations and conformance with policy
and standards.
•7.2.1 Understand Data Security Needs and
Regulatory Requirements
• It is important to distinguish between business rules and procedures and the
rules imposed by application software products.
• Application systems serve as vehicles to enforce business rules and procedures.
• It is common for these systems to have their own unique set of data security
requirements over and above those required for the business processes.
• These unique requirements are becoming more common with packaged and
off-the-shelf systems.
• Therefore, this activity is divided into two sub-activities:
• 7.2.1.1 Business Requirements
• 7.2.1.2 Regulatory Requirements
•7.2.1.1 Business Requirements
• Begin with a thorough understanding of business requirements.
• The business mission and strategy, as it percolates through the data strategy,
must be the guiding factor in planning data security policy.
• Address both short-term and long-term goals to achieve a balanced and
effective data security function.
• The degree of data security an enterprise defines through its business needs
depends on its size and on whether it chooses to extend data security beyond
the minimum required.
• Every business rule and process has its own security touch points, so tools
such as "data-to-process" and "data-to-role" relationship matrices are useful
for mapping these needs.
• Identify detailed application security requirements in the analysis phase of
every systems development project.
•7.2.1.2 Regulatory Requirements
• Organizations are required to comply with a growing set of regulations.
• The ethical and legal issues facing organizations in the information age are
leading governments to establish new laws and standards.
• Several newer regulations have imposed strict security controls on
information management, for example:
• The United States Sarbanes-Oxley Act of 2002 and Canadian Bill 198.
• The CLERP (Corporate Law Economic Reform Program) Act of Australia.
• The Basel II Accord, adopted in the European Union through its capital
requirements directives, imposes information controls on financial
institutions doing business in the related countries.
• In Saudi Arabia, the National Data Management Office (NDMO), part of the
Saudi Data and Artificial Intelligence Authority (SDAIA), imposes data
management and protection controls on government and non-government
sectors handling information.
•7.2.2 Define Data Security Policy
• The data security policy is a collaborative effort of IT security
administrators, data stewards, internal and external audit teams, and the
legal department, reviewed and approved by the Data Governance Council.
• IT security policy and data security policy are often part of a combined
security policy; however, it is preferable to separate them.
• Data security policies are more granular in nature and take a very
data-centric approach.
• Defining directory structures and an identity management framework can be a
component of the IT security policy,
• whereas defining individual application and database roles, user groups,
and password standards can be part of the data security policy.
7.2.3 Define Data Security Standards
• Organizations should design their own security controls, demonstrate that
they meet the requirements of laws and regulations, and document them.
• IT strategy and standards can also influence:
• Tools used to manage data security
• Data encryption standards and mechanisms.
• Access guidelines to external vendors and contractors.
• Data transmission protocols over the internet.
• Documentation requirements.
• Remote access standards.
• Security breach incident reporting procedures.
7.2.3 Define Data Security Standards
• Physical security standards, as part of enterprise IT policies, cover:
• Access to data using mobile devices.
• Storage of data on portable devices such as laptops, DVDs, or USB drives.
• Disposal of these devices in compliance with records management
policies.
• The focus should be on quality and consistency, not on creating a huge body
of guidelines.
• Standards should be in a format that is easily accessible by suppliers,
consumers, and stakeholders.
• They should satisfy the four A's: authentication, authorization, access, and
audit.
7.2.4 Define Data Security Controls and
Procedures
• Implementation and administration of the data security policy is
primarily the responsibility of security administrators; database
security is often one responsibility of DBAs.
• Implement proper controls to meet the objectives of pertinent laws.
• Implement a process to validate assigned permissions against the change
management system used for tracking all user permission requests, so that
every permission in place can be traced to an approved request.
• The control may also require a workflow approval process or a signed paper
form to record and document each request.
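The validation step above is a reconciliation: every grant that exists in the database or IAM system should map to an approved, unexpired change request, and every approved request should have been implemented. The Python below is an added example, not code from the deck or from the DMBOK; the grant tuples, the ticket records (ids, statuses, expiry dates) and the view names are constructed for illustration, and the ticket format is an assumption.

```python
"""Reconcile permissions actually in place against approved change requests.
Added example; grant and ticket records are constructed, their shape assumed."""
from datetime import date

# What the database or IAM system reports today: (principal, object, privilege).
ACTUAL_GRANTS = {
    ("bob",     "v_staff_directory", "SELECT"),
    ("alice",   "v_payroll",         "SELECT"),
    ("carol",   "v_sales_east",      "SELECT"),
    ("carol",   "v_payroll",         "SELECT"),   # no ticket covers this grant
    ("svc_etl", "employee",          "SELECT"),   # ticket exists but has expired
}

# Change-management records (constructed); each approved ticket covers one grant.
TICKETS = [
    {"id": "CHG-101", "grant": ("bob", "v_staff_directory", "SELECT"),  "status": "approved", "expires": None},
    {"id": "CHG-102", "grant": ("alice", "v_payroll", "SELECT"),        "status": "approved", "expires": None},
    {"id": "CHG-103", "grant": ("carol", "v_sales_east", "SELECT"),     "status": "approved", "expires": None},
    {"id": "CHG-104", "grant": ("svc_etl", "employee", "SELECT"),       "status": "approved", "expires": date(2024, 3, 31)},
    {"id": "CHG-105", "grant": ("dave", "v_staff_directory", "SELECT"), "status": "approved", "expires": None},
    {"id": "CHG-106", "grant": ("erin", "v_payroll", "SELECT"),         "status": "rejected", "expires": None},
]


def reconcile(actual, tickets, today):
    """Compare live grants with the change-management record.

    Returns a dict with:
      unapproved      - grants in place with no current approval (revoke or re-approve)
      not_implemented - approved grants that were never applied (or were dropped)
      approved_and_present - grant -> ticket id, the audit trail for everything else
    An expired approval counts as no approval at all.
    """
    approved = {}
    for t in tickets:
        if t["status"] != "approved":
            continue
        if t["expires"] is not None and t["expires"] < today:
            continue
        approved[t["grant"]] = t["id"]
    unapproved = sorted(g for g in actual if g not in approved)
    not_implemented = sorted(g for g in approved if g not in actual)
    present = {g: approved[g] for g in actual if g in approved}
    return {"unapproved": unapproved, "not_implemented": not_implemented,
            "approved_and_present": present}


if __name__ == "__main__":
    report = reconcile(ACTUAL_GRANTS, TICKETS, date(2024, 5, 6))
    for grant in report["unapproved"]:
        print("REVOKE or re-approve:", grant)
    for grant in report["not_implemented"]:
        print("approved but missing:", grant)
```

Run on a schedule, the `unapproved` list is the input to the revocation workflow and the `not_implemented` list catches tickets that were closed without the work being done; both lists are themselves evidence for the audit described in 7.2.9.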
7.2.5 Manage Users, Passwords, and Group Membership
• Access and update privileges can be granted to individual user accounts, but
this results in redundant effort.
• Role groups enable security administrators to define privileges by role and
to grant these privileges to users by enrolling them in the group.
• Try to assign each user to only one role group.
• Construct group definitions at the workgroup level and organize roles in a
hierarchy, so that child roles restrict the privileges of parent roles (see
Figure 7.2, role management).
• Security administrators create, modify, and delete user accounts and groups.
• Changes to the group taxonomy and membership should require some level of
approval and tracking through a change management system.
• Keeping user and group data consistent is a challenge in a heterogeneous
environment.
• To avoid data integrity issues, manage user identity data and role-group
membership data centrally.
7.2.5.1 Password Standards and Procedures
• Passwords are the first line of defense in protecting access to data.
• Typical password complexity requirements require a password to:
• Contain at least 8 characters.
• Contain an uppercase letter and a numeral.
• Not be the same as the username.
• Not be the same as any of the previous 5 passwords used.
• Not contain complete dictionary words in any language.
• Not be incremental (Password1, Password2, etc.).
• Not have two characters repeated sequentially.
• Avoid using adjacent characters from the keyboard.
• If the system supports a space in passwords, then a "pass phrase" can be
used.
• Single sign-on should be implemented where possible, so that users have
fewer passwords to manage.
• Require users to change their passwords every 45 to 60 days. (Current
guidance such as NIST SP 800-63B no longer recommends periodic forced
rotation; it favours screening new passwords against known-breached lists and
forcing a change only when compromise is suspected.)
• Security administrators and help desk analysts assist in troubleshooting and
resolving password-related issues.
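The complexity rules above are easy to state and surprisingly easy to get wrong in code (the history check must never compare plaintext, the "incremental" rule needs the old password, which the user supplies at change time anyway). The following Python checker is an added example, not code from the deck or the DMBOK: it implements each listed rule and returns the names of the ones violated. The word list, keyboard rows, the three-character run length for "adjacent keys", and the rule names are assumptions.

```python
"""Password policy checker implementing the complexity rules listed above.
Added example; not part of the original deck. Thresholds are assumptions."""
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed word list; a deployment would load full dictionaries (all languages).
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "secret", "admin"}
# Physical key rows used to detect adjacent-key sequences such as "qwe" or "asd".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
HISTORY_DEPTH = 5      # previous passwords that may not be reused
ADJACENT_RUN = 3       # length of a keyboard run that counts as a violation


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest: the history stores digests, never plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def new_history_entry(password: str) -> tuple:
    """Build the (salt, digest) pair stored once a password is accepted."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def _stem(password: str) -> str:
    """'Meadow32' -> 'meadow': strip the trailing counter people increment."""
    return re.sub(r"\d+$", "", password.lower())


def _has_adjacent_keyboard_run(password: str) -> bool:
    low = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - ADJACENT_RUN + 1):
            seq = row[i:i + ADJACENT_RUN]
            if seq in low or seq[::-1] in low:
                return True
    return False


def check_password(new: str, username: str, current: Optional[str], history: list) -> list:
    """Return the names of violated rules; an empty list means compliant.

    new      : candidate password (spaces allowed, so passphrases work)
    username : account name
    current  : current plaintext password, which the user supplies at change
               time; used only for the incremental-counter rule
    history  : [(salt, digest), ...] of recent passwords, most recent first
    """
    violations = []
    if len(new) < 8:
        violations.append("min_length")
    if not re.search(r"[A-Z]", new) or not re.search(r"\d", new):
        violations.append("uppercase_and_numeral")
    if new.lower() == username.lower():
        violations.append("equals_username")
    for salt, digest in history[:HISTORY_DEPTH]:
        if hmac.compare_digest(hash_password(new, salt), digest):
            violations.append("reused_recent_password")
            break
    if any(word in new.lower() for word in DICTIONARY_WORDS):
        violations.append("dictionary_word")
    if current is not None and new != current and _stem(new) == _stem(current):
        violations.append("incremental")
    if re.search(r"(.)\1", new):          # two identical characters in a row
        violations.append("repeated_characters")
    if _has_adjacent_keyboard_run(new):
        violations.append("adjacent_keyboard")
    return violations


if __name__ == "__main__":
    hist = [new_history_entry("Meadow31")]
    print(check_password("Meadow32", "jdoe", "Meadow31", hist))
    print(check_password("Maple syrup on granite 7", "jdoe", "Meadow31", hist))
```

Note that the "no repeated characters" rule rejects many natural passphrases ("battery", "coffee"); if passphrases are the goal, that rule is the one to relax first.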
7.2.6 Manage Data Access Views and Permissions
• Grant valid and appropriate access to data. Control access to sensitive
data by granting permissions (opt-in): without an explicit permission, a
user can do nothing.
• Control data access at an individual or group level:
• Smaller organizations may find it acceptable to manage data access at the
individual level.
• Larger organizations will benefit greatly from role-based access control,
granting permissions to role groups.
• Relational database views provide another important mechanism for data
security, restricting the rows (and columns) of a table that a user can see
based on data values.
• Access control degrades when achieved through shared or service accounts,
because actions can no longer be attributed to an individual.
• Evaluate the use of such accounts carefully, and never use them frequently
or by default.
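The role-group hierarchy of 7.2.5 and the opt-in, view-based access of this section fit together in one small model, shown here as an added Python example (not code from the deck or the DMBOK). It uses sqlite3 so it runs anywhere; since SQLite has no GRANT statement, the opt-in permission check is done in Python while the row- and column-restricting views are real SQL views. The table, the views (`v_staff_directory`, `v_sales_east`, `v_payroll`), the role names and the users are constructed.

```python
"""Role groups with a hierarchy, plus row-restricting views over a sample table.
Added example; not from the deck or the DMBOK. sqlite3 has no GRANT statement,
so the opt-in permission check is done in Python; the views are real SQL views."""
import sqlite3

# Constructed sample schema and data.
SCHEMA = """
CREATE TABLE employee (
    emp_id INTEGER PRIMARY KEY, name TEXT, region TEXT, dept TEXT, salary INTEGER);
INSERT INTO employee VALUES
    (1, 'Ana',  'EAST', 'SALES', 70000),
    (2, 'Ben',  'WEST', 'SALES', 72000),
    (3, 'Cara', 'EAST', 'HR',    65000),
    (4, 'Dev',  'WEST', 'ENG',   90000);
-- Views restrict rows by data value and omit the confidential salary column.
CREATE VIEW v_staff_directory AS
    SELECT emp_id, name, region, dept FROM employee;
CREATE VIEW v_sales_east AS
    SELECT emp_id, name, region FROM employee
    WHERE dept = 'SALES' AND region = 'EAST';
CREATE VIEW v_payroll AS
    SELECT emp_id, name, dept, salary FROM employee;
"""

# Role groups: a child's views must be a subset of its parent's (hierarchy rule).
ROLES = {
    "hr_manager": {"parent": None,         "views": {"v_staff_directory", "v_payroll"}},
    "hr_analyst": {"parent": "hr_manager", "views": {"v_staff_directory"}},
    "sales_lead": {"parent": None,         "views": {"v_staff_directory", "v_sales_east"}},
    "sales_east": {"parent": "sales_lead", "views": {"v_sales_east"}},
}
# Each user is enrolled in exactly one role group; no entry means no access (opt-in).
USER_ROLE = {"alice": "hr_manager", "bob": "hr_analyst", "carol": "sales_east"}


def hierarchy_violations(roles=ROLES):
    """Return roles whose privileges exceed their parent's. An empty list means
    the hierarchy honours 'child roles restrict the privileges of parent roles'."""
    return [name for name, r in roles.items()
            if r["parent"] is not None and not r["views"] <= roles[r["parent"]]["views"]]


def permitted_views(user):
    role = USER_ROLE.get(user)
    return ROLES[role]["views"] if role else set()


def can_read(user, view):
    return view in permitted_views(user)


def query(conn, user, view):
    """SELECT from a view only if the user's role group has been granted it."""
    if not can_read(user, view):
        raise PermissionError(f"{user} is not permitted to read {view}")
    # `view` is safe to interpolate: it was matched against the role allow-list above.
    return conn.execute(f"SELECT * FROM {view}").fetchall()


def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


if __name__ == "__main__":
    assert not hierarchy_violations()
    conn = open_sample_db()
    print(query(conn, "carol", "v_sales_east"))   # EAST sales rows only, no salary
    print(can_read("carol", "v_payroll"))         # False: never opted in
```

In a real RDBMS the same design is expressed natively: REVOKE all on the base table, GRANT SELECT on each view to a role, and grant roles to roles for the hierarchy; the `hierarchy_violations` check is then the query an auditor runs against the catalog.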
7.2.7 Monitor User Authentication and Access Behavior
• Monitoring authentication and access behavior is critical because:
• It provides information about who is connecting and accessing information
assets, which is a basic requirement for compliance auditing.
• It alerts security administrators to unforeseen situations, compensating for
oversights in data security planning, design, and implementation.
• Monitoring helps detect unusual or suspicious transactions that may warrant
further investigation and issue resolution.
• Systems containing confidential information such as salary or financial data
commonly implement active, real-time monitoring that sends notifications to
the data stewards.
7.2.7 Monitor User Authentication and Access Behavior
• Passive monitoring tracks changes over time by taking snapshots of the
current state of a system at regular intervals and comparing trends against a
benchmark or defined set of criteria.
• Automated monitoring does impose an overhead on the underlying systems.
• Enforce monitoring at several layers or data touch points. Monitoring can be:
• Application specific.
• Implemented for certain users and / or role groups.
• Implemented for certain privileges.
• Used for data integrity validation.
• Implemented for configuration and core meta-data validation.
• Implemented across heterogeneous systems for checking dependencies.
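The two monitoring styles above look different in code: active monitoring evaluates rules as each event arrives, while passive monitoring compares periodic snapshots against a benchmark. The Python below is an added example, not code from the deck or the DMBOK. The audit-log format (one key=value event per line), the sample log lines, the thresholds (five failed logins in ten minutes, 07:00 to 19:59 as business hours, 1000 rows as a bulk read) and the list of confidential objects are all constructed assumptions.

```python
"""Active (real-time) and passive (snapshot) monitoring of access behaviour.
Added example with constructed log lines; the log format, thresholds,
business-hours window and classified-object list are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

CONFIDENTIAL_OBJECTS = {"v_payroll", "employee"}   # from the confidentiality meta-data
BUSINESS_HOURS = range(7, 20)                       # 07:00-19:59; outside is suspicious
FAILED_LOGIN_LIMIT = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
BULK_ROW_LIMIT = 1000                               # rows per read before it looks like export

# Constructed sample audit log, one key=value event per line.
SAMPLE_LOG = """\
2024-05-06T02:14:07 user=bob action=LOGIN result=FAIL src=10.0.0.5 object=- rows=0
2024-05-06T02:14:12 user=bob action=LOGIN result=FAIL src=10.0.0.5 object=- rows=0
2024-05-06T02:14:20 user=bob action=LOGIN result=FAIL src=10.0.0.5 object=- rows=0
2024-05-06T02:14:31 user=bob action=LOGIN result=FAIL src=10.0.0.5 object=- rows=0
2024-05-06T02:14:45 user=bob action=LOGIN result=FAIL src=10.0.0.5 object=- rows=0
2024-05-06T02:15:02 user=bob action=LOGIN result=OK src=10.0.0.5 object=- rows=0
2024-05-06T02:16:40 user=bob action=READ result=OK src=10.0.0.5 object=v_payroll rows=4
2024-05-06T09:05:13 user=alice action=LOGIN result=OK src=10.0.0.9 object=- rows=0
2024-05-06T09:06:00 user=alice action=READ result=OK src=10.0.0.9 object=v_payroll rows=4
2024-05-06T09:30:00 user=alice action=READ result=OK src=10.0.0.9 object=employee rows=25000
2024-05-06T10:00:00 user=carol action=READ result=OK src=10.0.0.7 object=v_sales_east rows=1
"""


def parse_line(line):
    ts, rest = line.split(" ", 1)
    event = dict(kv.split("=", 1) for kv in rest.split())
    event["ts"] = datetime.fromisoformat(ts)
    event["rows"] = int(event["rows"])
    return event


def active_alerts(log_text):
    """Evaluate rules as each event arrives; returns (rule, user, timestamp) tuples."""
    alerts = []
    failures = defaultdict(deque)   # user -> timestamps of recent failed logins
    for line in log_text.splitlines():
        e = parse_line(line)
        user, ts = e["user"], e["ts"]
        if e["action"] == "LOGIN" and e["result"] == "FAIL":
            window = failures[user]
            window.append(ts)
            while ts - window[0] > FAILED_LOGIN_WINDOW:   # drop failures outside the window
                window.popleft()
            if len(window) == FAILED_LOGIN_LIMIT:          # fires once, on the Nth failure
                alerts.append(("failed_login_burst", user, ts))
        elif e["action"] == "READ" and e["object"] in CONFIDENTIAL_OBJECTS:
            if ts.hour not in BUSINESS_HOURS:
                alerts.append(("confidential_read_off_hours", user, ts))
            if e["rows"] > BULK_ROW_LIMIT:
                alerts.append(("bulk_confidential_read", user, ts))
    return alerts


def passive_drift(baseline, snapshot, max_growth=0.25):
    """Compare a per-role privilege-count snapshot against a benchmark snapshot.
    Flags roles that appeared since the benchmark and roles whose grant count grew
    by more than max_growth (privilege creep)."""
    findings = []
    for role, count in snapshot.items():
        base = baseline.get(role)
        if base is None:
            findings.append((role, "new_role"))
        elif count > base * (1 + max_growth):
            findings.append((role, f"grants {base}->{count}"))
    return findings


if __name__ == "__main__":
    for rule, user, ts in active_alerts(SAMPLE_LOG):
        print(f"{ts.isoformat()} {rule} user={user}")
    print(passive_drift({"hr_analyst": 4, "sales_east": 2},
                        {"hr_analyst": 6, "sales_east": 2, "dba_temp": 9}))
```

The active rules only need the confidentiality classification of each object (7.2.8) and the events themselves, which is why classification is worth recording as meta-data; the passive check is cheap enough to run against every system in a heterogeneous estate on the same schedule.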
7.2.8 Classify Information Confidentiality
• A simple confidentiality classification schema can be used to classify an
enterprise's data and information products.
• The schema has five confidentiality levels:
• For general audiences: available to everyone, including the public.
• Internal use only: information limited to employees or members.
• Confidential: information that should not be shared outside the organization.
• Restricted confidential: information limited to individuals performing certain roles with a
"need to know".
• Registered confidential: information so sensitive that anyone accessing it must sign a legal
agreement to do so.
• Classify documents and reports, through labeling, at the highest level of
confidentiality of any information found within the document.
• Correctly classify and label each document with the appropriate
confidentiality level.
• Also classify databases, relational tables, columns, and views. Information
confidentiality classification is an important meta-data characteristic,
guiding how users are granted access privileges.
• Data stewards are responsible for evaluating and determining the appropriate
confidentiality level for data.
7.2.9 Audit Data Security
• Auditing data security is a recurring control activity with responsibility to
analyze, validate, counsel, and recommend policies, standards, and
activities related to data security management.
• Data security auditors:
• should not have direct responsibility for the activities being audited;
• provide management and the data governance council with objective, unbiased
assessments and rational, practical recommendations.
• Data security policy statements, standards documents, implementation
guides, change requests, access monitoring logs, report outputs, and other
records form the basis of auditing.
7.2.9 Audit Data Security
• Auditing data security includes:
• Analyzing data security policy and standards against best practices and needs.
• Analyzing implementation procedures and actual practices to ensure consistency with data
security goals, policies, standards, guidelines, and desired outcomes.
• Assessing whether existing standards and procedures are adequate and in alignment with
business and technology requirements.
• Verifying the organization is in compliance with regulatory requirements.
• Reviewing the reliability and accuracy of data security audit data.
• Evaluating escalation procedures and notification mechanisms in the event of a data security
breach.
• Reviewing contracts, data sharing agreements, and data security obligations of outsourced and
external vendors, ensuring they meet their obligations, and ensuring the organization meets its
obligations for externally sourced data.
• Reporting to senior management, data stewards, and other stakeholders on the ‘State of Data
Security’ within the organization and the maturity of its practices.
• Recommending data security design, operational, and compliance improvements.
• Auditing data security is no substitute for effective management of data security.
• Auditing is a supportive, repeatable process, which should occur regularly,
efficiently, and consistently.
7.3 Data Security in an Outsourced World
• Any organization may choose to outsource its IT operations; the one thing it
cannot outsource is liability for its data.
• Outsourcing IT operations introduces additional data security challenges and
responsibilities, since it increases the number of people sharing
accountability for data access.
• These responsibilities must therefore be explicitly defined as contractual
obligations.
• Contracts must specify the responsibilities and expectations of each role.
• Risk expands to include the outsourcing vendor, so both external and internal
risk must be managed.
7.3 Data Security in an Outsourced World,
continued
• Transferring control, but not accountability, requires tighter risk
management and control mechanisms, such as:
• Service level agreements.
• Limited liability provisions in the outsourcing contract.
• Right-to-audit clauses in the contract.
• Clearly defined consequences for breaching contractual obligations.
• Frequent data security reports from the service vendor.
• Independent monitoring of vendor system activity.
• More frequent and thorough data security auditing.
• Constant communication with the service vendor.
• In an outsourced environment, a "chain of custody" analysis should be
maintained for the CRUD (create, read, update, delete) processes that touch
the data.
• RACI (Responsible, Accountable, Consulted, Informed) matrices help clarify
the roles, duties, and responsibilities for data security requirements, and
can be part of the contractual agreements.
• Outsourcing IT operations requires appropriate compliance mechanisms.

Brighton SEO | April 2024 | Data StorytellingNeil Barnes
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130Suhani Kapoor
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxStephen266013
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改yuu sss
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubaihf8803863
 
vip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Book
vip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Bookvip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Book
vip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Bookmanojkuma9823
 

Recently uploaded (20)

Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdf
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptxAmazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
Amazon TQM (2) Amazon TQM (2)Amazon TQM (2).pptx
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
Data Science Jobs and Salaries Analysis.pptx
Data Science Jobs and Salaries Analysis.pptxData Science Jobs and Salaries Analysis.pptx
Data Science Jobs and Salaries Analysis.pptx
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
 
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
办理学位证纽约大学毕业证(NYU毕业证书)原版一比一
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
 
E-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptxE-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptx
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
Call Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111  Escorts ServiceCall Girls In Mahipalpur O9654467111  Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts Service
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docx
 
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
专业一比一美国俄亥俄大学毕业证成绩单pdf电子版制作修改
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
 
vip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Book
vip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Bookvip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Book
vip Sarai Rohilla Call Girls 9999965857 Call or WhatsApp Now Book
 

Chapter 7: Data Security Management

7.2 Concepts and Activities
• The goal is to protect information assets in alignment with privacy and confidentiality regulations and business requirements.
• The sources of data security management requirements are:
  • Stakeholder concerns: including clients, patients, students, etc.
  • Government regulations: protect stakeholder interests. Some of them restrict access to information, while others ensure openness, transparency, and accountability.
  • Proprietary business concerns: ensuring the competitive advantage provided by intellectual property and intimate knowledge of customer needs.
  • Legitimate access needs: data security implementers must understand the legitimate needs for data access.
7.2 Concepts and Activities
• Data security requirements, and the procedures to meet them, can be categorized into four basic groups:
  • Authentication: validate that users are who they say they are.
  • Authorization: identify the right individuals and grant them the right privileges to specific, appropriate views of data.
  • Access: enable these individuals and their privileges in a timely manner.
  • Audit: review security actions and user activity to ensure compliance with regulations and conformance with policy and standards.
7.2.1 Understand Data Security Needs and Regulatory Requirements
• It is important to distinguish between business rules and procedures, and the rules imposed by application software products.
• Application systems serve as vehicles to enforce business rules and procedures.
• It is common for these systems to have their own unique set of data security requirements over and above those required for business processes.
• These unique requirements are becoming more common with packaged and off-the-shelf systems.
• Therefore, this activity divides into two sub-activities:
  • 7.2.1.1 Business Requirements
  • 7.2.1.2 Regulatory Requirements
7.2.1.1 Business Requirements
• Begin with a thorough understanding of business requirements.
• The business mission and strategy, as it percolates through the data strategy, must be the guiding factor in planning data security policy.
• Address short-term and long-term goals to achieve a balanced and effective data security function.
• The degree of data security is defined through the business needs of the enterprise, depending on its size and its choice to have extended data security.
• Security touch points: every business rule and process has its own security requirements. Therefore, tools such as "data-to-process" and "data-to-role" relationship matrices are useful for mapping these needs.
• Identify detailed application security requirements in the analysis phase of every systems development project.
7.2.1.2 Regulatory Requirements
• Organizations are required to comply with a growing set of regulations.
• The ethical and legal issues facing organizations in the information age are leading governments to establish new laws and standards.
• Requirements of several newer regulations, such as:
  • The United States Sarbanes-Oxley Act of 2002 and Canadian Bill 198
  • The CLERP Act of Australia
  • have all imposed strict security controls on information management.
• The European Union's Basel II Accord imposes information controls for all financial institutions doing business in related countries.
• In Saudi Arabia, the NDMO (related to SDAIA) imposes information controls for all government and non-government sectors that handle information.
7.2.2 Define Data Security Policy
• The data security policy is a collaborative effort of IT security administrators, data stewards, internal and external audit teams, and the legal department, reviewed and approved by the Data Governance Council.
• IT security policy and data security policy may be part of a combined security policy; however, they should be separated out.
• Data security policies are more granular in nature and take a very data-centric approach.
• Defining directory structures and an identity management framework can be an IT security policy component, whereas defining the individual application, database roles, user groups, and password standards can be part of the data security policy.
7.2.3 Define Data Security Standards
• Organizations should design their own security controls, demonstrate that they meet the requirements of the law and regulations, and document them.
• IT strategy and standards can also influence:
  • Tools used to manage data security.
  • Data encryption standards and mechanisms.
  • Access guidelines to external vendors and contractors.
  • Data transmission protocols over the internet.
  • Documentation requirements.
  • Remote access standards.
  • Security breach incident reporting procedures.
7.2.3 Define Data Security Standards
• Physical security standards, as part of enterprise IT policies:
  • Access to data using mobile devices.
  • Storage of data on portable devices such as laptops, DVDs, or USB drives.
  • Disposal of these devices in compliance with records management policies.
• The focus should be on quality and consistency, not on creating a huge body of guidelines.
• Standards should be in a format that is easily accessible by suppliers, consumers, and stakeholders.
• Standards should satisfy the four A's: authentication, authorization, access, and audit.
7.2.4 Define Data Security Controls and Procedures
• Implementation and administration of data security policy is primarily the responsibility of security administrators. Database security is often one responsibility of DBAs.
• Implement proper controls to meet the objectives of pertinent laws.
• Implement a process to validate assigned permissions against the change management system used for tracking all user permission requests.
• The control may also require a workflow approval process or a signed paper form to record and document each request.
7.2.5 Manage Users, Passwords, and Group Membership
• Access and update privileges can be granted to individual user accounts; however, this may result in redundant effort.
• Role groups enable security administrators to define privileges by role, and to grant these privileges to users by enrolling them in the role group.
• Try to assign each user to only one role group.
• Construct group definitions at the workgroup level and organize roles in a hierarchy, so that child roles restrict the privileges of parent roles (role management, Figure 7.2).
• Security administrators create, modify, and delete user accounts and groups.
• Changes made to the group taxonomy and membership should require some level of approval, and tracking using a change management system.
• Data consistency in user and group management is a challenge in a heterogeneous environment.
• To avoid data integrity issues, manage user identity data and role-group membership data centrally.
7.2.5.1 Password Standards and Procedures
• Passwords are the first line of defense in protecting access to data.
• Typical password complexity requirements require a password to:
  • Contain at least 8 characters.
  • Contain an uppercase letter and a numeral.
  • Not be the same as the username.
  • Not be the same as any of the previous 5 passwords used.
  • Not contain complete dictionary words in any language.
  • Not be incremental (password1, Password2, etc.).
  • Not have two characters repeated sequentially.
  • Avoid using adjacent characters from the keyboard.
• If the system supports a space in passwords, then a "pass phrase" can be used.
• The "single sign-on" capability should be implemented.
• Users are required to change their passwords every 45 to 60 days.
• Security administrators and help desk analysts assist in troubleshooting and resolving password-related issues.
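The complexity rules listed on this slide, as an added example that is not part of the original deck: a Python validator that returns the codes of every rule a candidate password breaks, so a help desk or self-service tool can tell the user exactly what to fix. The small word list, the keyboard rows, the `HISTORY_DEPTH` constant and the `check_password` interface are assumptions made for illustration; the previous-password check works on hashes because stored passwords must never be kept in cleartext, and only the current password (which the user proves at change time) is available in cleartext for the "incremental" check.

```python
import hashlib
import string

# Constructed stand-ins (not from the slides): a tiny word list in place of a real
# multi-language dictionary, and the keyboard rows used for the adjacency check.
DICTIONARY = {"password", "welcome", "summer", "admin", "secret", "dragon"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
HISTORY_DEPTH = 5  # "not the same as the previous 5 passwords used"


def password_hash(password: str) -> str:
    """Hash used for the reuse history. Illustrative only: a real credential store
    uses a slow, salted password hash (bcrypt, scrypt or Argon2), never bare SHA-256."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _strip_trailing_digits(password: str) -> str:
    # "Password1" and "Password2" share the base "password": that is the incremental pattern.
    return password.lower().rstrip(string.digits)


def _has_keyboard_run(lowered: str, run: int = 3) -> bool:
    """True if any `run` consecutive characters walk along a keyboard row, in either direction."""
    for i in range(len(lowered) - run + 1):
        piece = lowered[i:i + run]
        if any(piece in row or piece[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(candidate, username, current_password, previous_hashes, dictionary=DICTIONARY):
    """Return the list of rule codes the candidate violates (empty list means acceptable).

    previous_hashes: hashes of earlier passwords, oldest first (only the last
    HISTORY_DEPTH are consulted). current_password: the cleartext the user supplies
    when changing the password, used for the reuse and incremental checks.
    """
    violations = []
    lowered = candidate.lower()
    if len(candidate) < 8:
        violations.append("too_short")
    if not any(c.isupper() for c in candidate) or not any(c.isdigit() for c in candidate):
        violations.append("missing_upper_or_digit")
    if lowered == username.lower():
        violations.append("equals_username")
    recent = list(previous_hashes[-HISTORY_DEPTH:]) + [password_hash(current_password)]
    if password_hash(candidate) in recent:
        violations.append("reused")
    if any(word in lowered for word in dictionary):
        violations.append("dictionary_word")
    if candidate[-1:].isdigit() and _strip_trailing_digits(candidate) == _strip_trailing_digits(current_password):
        violations.append("incremental")
    if any(a == b for a, b in zip(candidate, candidate[1:])):
        violations.append("repeated_char")
    if _has_keyboard_run(lowered):
        violations.append("keyboard_sequence")
    return violations
```

Returning every violated rule at once, rather than failing on the first, is the usability choice that keeps users from cycling through several rejected attempts; the caller decides whether to show the codes verbatim or map them to policy text.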
7.2.6 Manage Data Access Views and Permissions
• Ensure valid and appropriate access to data. Control sensitive data access by granting permissions (opt-in): without a permission, a user can do nothing.
• Control data access at an individual or group level:
  • Smaller organizations may find it acceptable to manage data access at the individual level.
  • Larger organizations will benefit greatly from role-based access control, granting permissions to role groups.
• Relational database (RDB) views provide another important mechanism for data security, restricting the data in a table to certain rows based on data values.
• Access control degrades when achieved through shared or service accounts.
• Evaluate the use of such accounts carefully, and never use them frequently or by default.
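The role-group hierarchy of 7.2.5 and the opt-in permissions and row-restricting views of this slide, as one added example that is not part of the original deck. It uses Python's built-in sqlite3 to create a table and a view that keeps only EMEA rows and drops the salary column, and models role groups in Python because SQLite has no GRANT statement; the employee rows, role names, privilege sets and the `fetch_as` interface are constructed assumptions for illustration, not a description of any real product.

```python
import sqlite3

# Constructed sample data (hypothetical people and figures, not from the slides).
EMPLOYEES = [
    (1, "Alice", "Sales", "EMEA", 70000),
    (2, "Bob", "Sales", "APAC", 65000),
    (3, "Carol", "HR", "EMEA", 80000),
]

# Role taxonomy: each role names its parent; a child may only restrict its parent's privileges.
ROLE_PARENT = {"finance": None, "finance_readonly": "finance", "emea_reporting": "finance_readonly"}

# Privileges granted to each role group as (object, action) pairs. Opt-in: anything absent is denied.
ROLE_PRIVS = {
    "finance": {("employees", "SELECT"), ("employees", "UPDATE"), ("v_employees_emea", "SELECT")},
    "finance_readonly": {("employees", "SELECT"), ("v_employees_emea", "SELECT")},
    "emea_reporting": {("v_employees_emea", "SELECT")},
}

# Each user is enrolled in exactly one role group, as the slides recommend.
USER_ROLE = {"dave": "emea_reporting", "erin": "finance"}

# Objects a query may name; checked before any name is interpolated into SQL.
KNOWN_OBJECTS = ("employees", "v_employees_emea")


def validate_hierarchy(role_parent=ROLE_PARENT, role_privs=ROLE_PRIVS):
    """Return the roles whose privileges are not a subset of their parent's (empty = taxonomy is sound)."""
    return [role for role, parent in role_parent.items()
            if parent is not None and not role_privs[role] <= role_privs[parent]]


def build_db():
    """Create the table and the restricting view in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, region TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", EMPLOYEES)
    # The view restricts rows by a data value (region) and omits the sensitive salary column.
    conn.execute("CREATE VIEW v_employees_emea AS "
                 "SELECT id, name, dept, region FROM employees WHERE region = 'EMEA'")
    return conn


def is_permitted(user, obj, action):
    """Opt-in check: an unknown user or an ungranted (object, action) pair is denied."""
    role = USER_ROLE.get(user)
    return role is not None and (obj, action) in ROLE_PRIVS[role]


def fetch_as(conn, user, obj):
    """SELECT every row of obj on behalf of user, or raise PermissionError."""
    if not is_permitted(user, obj, "SELECT"):
        raise PermissionError(f"{user} has no SELECT privilege on {obj}")
    if obj not in KNOWN_OBJECTS:
        raise ValueError(f"unknown object {obj!r}")
    return conn.execute(f"SELECT * FROM {obj}").fetchall()


if __name__ == "__main__":
    db = build_db()
    print("hierarchy problems:", validate_hierarchy())
    print("dave sees:", fetch_as(db, "dave", "v_employees_emea"))
```

`validate_hierarchy` is the check worth wiring into the change-management step the slides ask for: a request that would give a child role something its parent lacks is exactly the kind of taxonomy drift that approval and tracking are meant to catch.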
7.2.7 Monitor User Authentication and Access Behavior
• Monitoring authentication and access behavior is critical because:
  • It provides information about who is connecting and accessing information assets, which is a basic requirement for compliance auditing.
  • It alerts security administrators to unforeseen situations, compensating for oversights in data security planning, design, and implementation.
  • It helps detect unusual or suspicious transactions that may warrant further investigation and issue resolution.
• Systems containing confidential information such as salary or financial data commonly implement active, real-time monitoring that sends notifications to the data stewards.
7.2.7 Monitor User Authentication and Access Behavior
• Passive monitoring tracks changes over time by taking snapshots of the current state of a system at regular intervals and comparing trends against a benchmark or defined set of criteria.
• Automated monitoring does impose an overhead on the underlying systems.
• Enforce monitoring at several layers or data touch points. Monitoring can be:
  • Application specific.
  • Implemented for certain users and/or role groups.
  • Implemented for certain privileges.
  • Used for data integrity validation.
  • Implemented for configuration and core meta-data validation.
  • Implemented across heterogeneous systems for checking dependencies.
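Active and passive monitoring from the two slides above, as an added example that is not part of the original deck. The active part runs two detection rules over authentication and access events (repeated login failures, and access to a confidential object outside business hours, the case where the slides say data stewards are notified); the passive part compares a privilege snapshot against a benchmark. The log format, the sample lines, the confidential object names, the business-hours window and the failure threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events in a simple key=value format (not real system output).
LOG_LINES = [
    "2024-04-02T09:01:10Z user=alice action=LOGIN result=OK src=10.0.1.4",
    "2024-04-02T09:02:30Z user=alice action=SELECT object=employees result=OK src=10.0.1.4",
    "2024-04-02T02:13:05Z user=bob action=LOGIN result=FAIL src=10.0.0.5",
    "2024-04-02T02:13:09Z user=bob action=LOGIN result=FAIL src=10.0.0.5",
    "2024-04-02T02:13:14Z user=bob action=LOGIN result=FAIL src=10.0.0.5",
    "2024-04-02T02:13:20Z user=bob action=LOGIN result=OK src=10.0.0.5",
    "2024-04-02T02:14:00Z user=bob action=SELECT object=salaries result=OK src=10.0.0.5",
]

# Assumed policy values: objects classified as confidential, the hours (UTC) in which
# access is expected, and how many consecutive failures trigger an alert.
CONFIDENTIAL_OBJECTS = {"salaries", "financials"}
BUSINESS_HOURS = range(8, 19)
FAILED_LOGIN_THRESHOLD = 3


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a timezone-aware 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def detect(lines):
    """Active monitoring: return (rule, user) alerts in the order they fire."""
    alerts = []
    failures = defaultdict(int)  # consecutive login failures per user
    for rec in map(parse_line, lines):
        if rec["action"] == "LOGIN":
            if rec["result"] == "FAIL":
                failures[rec["user"]] += 1
                if failures[rec["user"]] == FAILED_LOGIN_THRESHOLD:
                    alerts.append(("repeated_login_failure", rec["user"]))
            else:
                failures[rec["user"]] = 0
        elif rec.get("object") in CONFIDENTIAL_OBJECTS and rec["ts"].hour not in BUSINESS_HOURS:
            # The case the slides reserve for real-time notification of the data steward.
            alerts.append(("off_hours_confidential_access", rec["user"]))
    return alerts


def snapshot_diff(benchmark, current):
    """Passive monitoring: grants that appeared or disappeared since the benchmark snapshot."""
    return {"added": sorted(current - benchmark), "removed": sorted(benchmark - current)}


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print("ALERT", *alert)
    base = {("bob", "SELECT", "employees")}
    now = {("bob", "SELECT", "employees"), ("bob", "SELECT", "salaries")}
    print(snapshot_diff(base, now))
```

Both outputs are the input to the audit activity in 7.2.9: the alerts are the access monitoring log, and a non-empty `added` set from the snapshot diff is a grant that should be traceable to an approved change request.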
7.2.8 Classify Information Confidentiality
• A simple confidentiality classification schema is used to classify an enterprise's data and information products.
• The schema has five confidentiality levels:
  • For general audiences: available to everyone.
  • Internal use only: information limited to employees or members.
  • Confidential: information that should not be shared outside the organization.
  • Restricted confidential: information limited to individuals performing certain roles with the "need to know".
  • Registered confidential: information for which anyone accessing it must sign a legal agreement.
• Classify documents and reports, through labeling, based on the highest level of confidentiality of any information found within the document.
• Correctly classify and label the appropriate confidentiality level for each document.
• Also classify databases, relational tables, columns, and views. Information confidentiality classification is an important meta-data characteristic, guiding how users are granted access privileges.
• Data stewards are responsible for evaluating and determining the appropriate confidentiality level for data.
7.2.9 Audit Data Security
• Auditing data security is a recurring control activity with responsibility to analyze, validate, counsel, and recommend policies, standards, and activities related to data security management.
• Data security auditors:
  • Should not have direct responsibility for the activities being audited.
  • Provide management and the data governance council with objective, unbiased assessments and rational, practical recommendations.
• Data security policy statements, standards documents, implementation guides, change requests, access monitoring logs, report outputs, and other records form the basis of auditing.
7.2.9 Audit Data Security
• Auditing data security includes:
  • Analyzing data security policy and standards against best practices and needs.
  • Analyzing implementation procedures and actual practices to ensure consistency with data security goals, policies, standards, guidelines, and desired outcomes.
  • Assessing whether existing standards and procedures are adequate and in alignment with business and technology requirements.
  • Verifying that the organization is in compliance with regulatory requirements.
  • Reviewing the reliability and accuracy of data security audit data.
  • Evaluating escalation procedures and notification mechanisms in the event of a data security breach.
  • Reviewing contracts, data sharing agreements, and data security obligations of outsourced and external vendors, ensuring they meet their obligations, and ensuring the organization meets its obligations for externally sourced data.
  • Reporting to senior management, data stewards, and other stakeholders on the "State of Data Security" within the organization and the maturity of its practices.
  • Recommending data security design, operational, and compliance improvements.
• Auditing data security is no substitute for effective management of data security.
• Auditing is a supportive, repeatable process, which should occur regularly, efficiently, and consistently.
7.3 Data Security in an Outsourced World
• Outsourcing operations is an option for an organization; outsourcing liability is not.
• Outsourcing IT operations introduces additional data security challenges and responsibilities, since it increases the number of people sharing accountability for data access.
• These responsibilities must be explicitly defined as contractual obligations.
• Contracts must specify the responsibilities and expectations of each role.
• Risks are escalated to include the outsource vendor: external risk and internal risk.
7.3 Data Security in an Outsourced World (continued)
• Transferring control, but not accountability, requires tighter risk management and control mechanisms, such as:
  • Service level agreements.
  • Limited liability provisions in the outsourcing contract.
  • Right-to-audit clauses in the contract.
  • Clearly defined consequences for breaching contractual obligations.
  • Frequent data security reports from the service vendor.
  • Independent monitoring of vendor system activity.
  • More frequent and thorough data security auditing.
  • Constant communication with the service vendor.
• In an outsourced environment, maintain a "chain of custody" analysis of the CRUD (create, read, update, delete) processes.
• RACI (Responsible, Accountable, Consulted, and Informed) matrices help clarify the roles, duties, and responsibilities for data security requirements, and can be a part of contractual agreements.
• Outsourcing IT operations requires appropriate compliance mechanisms.