Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Data privacy & data governance
Similar to Data privacy & data governance (20)
Recently uploaded
Recently uploaded (20)
Data privacy & data governance
- 6. Components Data Governance for the purpose of using data as an asset driving strategic objectives.
- 8. 4pillars of data privacy
- 9. Data Privacy Risk Management Process 1
- 10. DLP (Data Loss Prevention) Software Data loss/leak prevention solutions are designed to detect potential data breach incidents in a timely manner and prevent them by monitoring data while in-use, in-motion and at-rest. A data leakage incident is when, sensitive data is disclosed to unauthorized personnel by malicious intent or human mistake. DLP Suite INTERNET
- 11. ABSENCE OF DATA PRIVACY & DATA GOVERNANCE LEADS TO • • • • • IDENTITY THEFT PERSONAL SAFETY DESTROYES LIVES ADVERSELY AFFECTED INTEGRITY IS COMPROMISED DATA CAN BE USED FOR MALACIOUS PURPOSE Two Sides Of Coin
- 12. Steps for Success • Step 1: Get a governor and the right people in place to PREVENT & GOVERN our data • Step 2: Survey your situation • Step 3: Develop a data-privacy & governance strategy • Step 4: Calculate the value of your data • Step 5: Calculate the probability of risk • Step 6: Monitor the efficiency of your controls
Editor's Notes
- Secure information Safeguard against malware and intrusions Protect systems from evolving threats Identify access control Protect sensitive data from unauthorized access or use Provide management controls for identity, access , and provisioning Information protection Protect sensitive data in structured databases Protect sensitive data in unstructured documents, messages, and records Automate data classification Protect data in motion Auditing and Reporting Monitor to verify integrity of systems and data Monitor to verify compliance with policies Organizations can use technologies for systems monitoring and compliance controls. Such technologies verify that system and data access controls are operating effectively and assist in identifying suspicious or noncompliant activity. They can also help ease the systems administration burden and reduce troubleshooting planning. Capabilities include: Harmonizing compliance requirements across IT processes Selecting activities that enable automation of data governance compliance and produce proof of that compliance Detecting and reporting on misplaced data by performing routine sweeps using automatic file classification
- Diagramming Multiple techniques can be used for diagramming. Microsoft product teams and our consulting services organization typically use data flow diagrams (DFDs) with the addition of “trust boundaries.” A trust boundary is a border that separates business entities and/or IT infrastructure realms, such as networks or administrative domains. Every time confidential data crosses a trust boundary, basic assumptions about security, policies, processes, and practices—or all of these combined—might change, and with them the threats that will be identified in the next step. Threat Enumeration Once the diagram is ready and all trust boundaries have been identified, the next step is enumerating potential threats against privacy and confidentiality using the four data privacy and confidentiality principles and identifying threats that might affect the integrity of each one. Here are the four principles, each followed by examples of threat types Principle 1: Honor policies throughout the confidential data lifespan Choice and consent (collection, use, and disclosure) o Inadequate notice of data collection, use, disclosure, and redress policies. o Unclear or misleading language or processes for the user to follow in choosing and providing consent for the collection and use of personal information. Individual access and correction o Limited or nonexistent means for users to verify the correctness of their personal information. Accountability o Lack of necessary controls to enforce customer choice and consent, as well as other relevant policies, laws, and regulations, including data classification. Principle 2: Minimize risk of unauthorized access or misuse of confidential data Information protection o Lack of reasonable administrative, technical, and physical safeguards to ensure confidentiality, integrity, and availability of data. o Unauthorized or inappropriate access to data. Data quality o Lack of means to verify accuracy, timeliness, and relevance of data. o Lack of means for users to make corrections as appropriate. Principle 3: Minimize impact of confidential data loss Information protection o Insufficient safeguards (i.e., strong encryption) to ensure confidentiality of data if it is lost or stolen. Accountability o Lack of a data breach response plan and an escalation path. o System does not encrypt all confidential data. o Adherence to data protection principles cannot be verified through appropriate monitoring, auditing, and use of controls. Principle 4: Document applicable controls and demonstrate their effectiveness Accountability o Plans, controls, processes, or system configurations are not properly documented. Compliance o Compliance cannot be verified or demonstrated through existing logs, reports, and controls. o Lack of a clear noncompliance escalation path and process. o Lack of a breach notification plan. Lack of other response plans that are required by law.