SlideShare a Scribd company logo

Boosting Cybersecurity with Data Governance (peer reviewed)

Guy Pearce
Guy Pearce

Data Governance has a significant role to play in information security, with special data classes beyond the regular four cyber classes (public, confidential, classified and restricted) being useful in helping the organization identify whether sensitive data was exposed in a breach.

1 of 6
ISACA JOURNAL VOL 3 1 ©2017 ISACA. All rights reserved. www.isaca.org featurefeature Regulators Are Driving Activities In a joint sitting of the Basel Committee on Banking Supervision (BCBS), the International Organization of Securities Commissions (IOSCO) and the International Association of Insurance Supervisors (IAIS), regulators recognized the need for better data quality.1 Banks were at the forefront of the new regulatory requirements for enterprise data management via the Basel BCBS 239, which was introduced in 2013.2 BCBS 239 addressed the poor quality of reports that were submitted to regulators during the height of the global financial crisis and outlined the need for: • Metadata, single identifiers and unified naming conventions for data. The latter two items are concerned with enterprise master and reference data management and are generally referred to as MDM.3 • Established roles and responsibilities in the enterprise—the data stewardship organization— with respect to managing enterprise data4 • Specific measures of data quality5 BCBS 239 gave rise to the creation of new bank departments and has been a driver of the chief data officer (CDO) role to head the department, often with a board or chief executive officer (CEO) mandate to meet these regulatory requirements. Although different in formality, structure and interpretation, the CDO’s scope includes data governance, data stewardship and enterprise data management. Considering the original joint sitting of Basel (banking industry), IAIS (insurance industry) and IOSCO (securities industry), similar regulations could apply to insurance and securities enterprises, too. The relationship between cyber security and the regulatory requirements for data governance, data stewardship and enterprise data management is set to strengthen. Enterprise data management (EDM), data stewardship and data governance are concerned with the what, who and how of managing the enterprise data asset, respectively: • Enterprise data management (the what)— Enabling the business to make the most of its data asset, supported by suitable tools and processes. EDM objectives include measuring data quality (and attesting to data and report quality); ensuring that reference data, e.g., product codes, are accurate (master data management); and ensuring that business has the same understanding of various business terms (metadata). • Data stewardship (the who)—Identifying the people/positions involved in EDM within the business and ensuring the formal definition of their responsibilities and accountabilities. A data steward may need to measure the quality of a data element each month to support regulatory reporting; data stewardship formalizes these responsibilities and accountabilities. • Data governance (the how)—Establishing, monitoring and sometimes enforcing policies, procedures, standards and guidelines that are related to the overall management of enterprise data, with the goal of sustainably ensuring data availability, usability and security. Data governance activities provide direction and structure to data stewardship and enterprise data management activities. Boosting Cyber Security With Data Governance and Enterprise Data Management Guy Pearce Is managing partner of REData Performance Consulting, which specializes in integrating data, governance, strategy, risk management and IT to produce auditable, data-driven value for enterprises and their customers. Pearce has served on the boards of directors of private and public companies in the banking, financial services and retail industries over the past decade and on their finance, risk, audit, credit, and information and communications technology committees. Pearce can be reached at pearcegf@gmail.com.
ISACA JOURNAL VOL 3 2 ©2017 ISACA. All rights reserved. www.isaca.org action, and the latter can result in unexpected and undesirable business outcomes that can, in turn, incur reputational and other risk for the enterprise. Note that beyond absolute data quality, an enterprise should also know how well data that are copied by the enterprise from a production data source downstream into, for example, a data warehouse or data lake, remain accurate. Organizations need to know that this copy—facilitating organizational reporting and analytics—accurately reflects the production data. This example describes relative data quality that is assessed by means of data transport validation processes. Regulators are interested in absolute and relative data quality. Positive Outcomes for Regulators and Data Users Data quality processes enable users to know if a report can be trusted. For example, which report in figure 1 is more trustworthy? Report A is certified across four data-quality dimensions—accuracy, integrity, completeness and timeliness—providing assurance of its trustworthiness. Report B has unknown quality and is unqualified, which is typical of most business reports. The same matter applies to those enterprises that leverage analytics for enhanced business insights. If one set of insights is quality certified and another one is not certified, the former is more reliable to Figure 1—Data Quality Comparison of Report A and Report B Source: G. Pearce. Reprinted with permission. A B Statement of cash flow Balance sheet Income statement Accuracy Integrity Completeness Timelines Accuracy (unknown) Integrity (unknown) Completeness (unknown) Timelines (unknown) Statement of cash flow Balance sheet Income statement A B Statement of cash flow Balance sheet Income statement Accuracy Integrity Completeness Timelines Accuracy (unknown) Integrity (unknown) Completeness (unknown) Timelines (unknown) Statement of cash flow Balance sheet Income statement
ISACA JOURNAL VOL 3 3 ©2017 ISACA. All rights reserved. www.isaca.org Good Cyber Security Deploys Multiple Lines of Defense Cyber security strategies should create several lines of defense against attackers. One such line of cyberdefense is technology, e.g., for malware, viruses and hackers. For some enterprises, this is the only line of defense, which, unfortunately, still leaves the enterprise exposed to residual cyberrisk. Another line of defense is ensuring that staff members are formally made aware of the risk that is associated with data and that they act according to defined data governance policies when handling enterprise data. Yet another example is third-party due diligence, in which data governance establishes the cyber security expectations of third parties. Corporate governance—the board of directors’ job—is the line of defense that looks at business culture, beginning with setting the right tone about risk at the very top of the enterprise.9 Four Ways Data Governance and Enterprise Data Management Boost Cyber Security Data governance and enterprise data management augment the various lines of defense for data at risk. Data at risk are data that, if they were to fall into unauthorized hands, would compromise an enterprise and/or its customers. Identifying data at risk is a key activity, because securing all data is an impossible and very costly task for most enterprises. Data governance and enterprise data management boost cyber security in four ways. Helping to Identify Data at Risk Enterprise data management tools have made identifying sensitive data easier. Personally identifiable information (PII) (e.g., contact details, payment card industry [PCI] data, credit card details) and protected health information (PHI) (e.g., data containing individual medical records) constitute sensitive data. Enterprise data Relating Data Security, Governance, Stewardship and Quality Data governance embraces all that data impact and that impacts data. For example, COBIT® 5 sees data governance as overseeing information custodianship and information security,6 and the Data Management Association (DAMA) International places data governance at the hub of nine categories, including data quality, metadata and data security.7 There is also an overlap between data security, data quality, data governance and data stewardship8 (figure 2), specifically from the enterprise perspective. Figure 2—Relationship Between Data Governance, Data Stewardship, Enterprise Data Management and Data Security Source: G. Pearce. Reprinted with permission. Incremental enterprise risk is introduced if the four categories in figure 2 are inconsistent for any reason. The matter of organizational data management maturity comes to the forefront in plans to sustainably resolve such inconsistencies. Data Governance Data Stewardship Enterprise Data Management Data Security Enjoying this article? • Learn more about, discuss and collaborate on cybersecurity in the Knowledge Center. www.isaca.org/ cybersecurity-topic
ISACA JOURNAL VOL 3 4 ©2017 ISACA. All rights reserved. www.isaca.org • Perform transaction log analysis • Perform business process analysis and audits • Analyze job descriptions (data-intensive roles) • Perform application audits (e.g., identify tools permitting sensitive data drill downs) • Analyze data models, including areas of data duplication and data redundancy (data life cycle management). Helping to Locate Sensitive Data Heading the list of things that keep senior executives up at night is “not knowing where sensitive data reside.”12 Fifty percent of information security professionals worry that they do not understand the full extent of the data risk of their enterprise.13 Not knowing the location of enterprise sensitive data hampers the ability to identify enterprise data at risk, thereby compromising the enterprise’s ability to design an effective cyber security strategy. Not knowing the location also hampers the ability of the enterprise to rapidly and properly respond to a data breach, which is an existing and emerging regulatory requirement in many jurisdictions and can result in significant fines and penalties.14 management tools can also help with identifying other data categories that the enterprise defines as sensitive. A breach of sensitive data is the cause of most reputation and financial risk for enterprises. Hackers largely desire sensitive identity data (PII and PHI) because they have a longer shelf-life than financial data (PCI and other). Financial data are only useful to the hacker for as long as it takes the victim to inform the bank of stolen credentials.10 With PII and PHI data, crimes can be committed in a victim’s name for weeks, months or longer before anyone notices, with life-changing consequences for those affected. The enterprise also needs to know who in the organization is using the sensitive data, the location of the data and how the data flow through the enterprise. The enterprise’s data stewardship component can facilitate the identification of who has access to which data, helping to mitigate the risk of people being the biggest cause of information security incidents.11 Enterprise data management tools can also facilitate identifying data location and how they flow through the enterprise (data lineage). Other ways of identifying data at risk are to: • Analyze data flows • Review enterprise access rights Fifty percent of information security professionals worry that they do not understand the full extent of the data risk of their enterprise.
ISACA JOURNAL VOL 3 5 ©2017 ISACA. All rights reserved. www.isaca.org Modern data quality tools address this access risk by providing masking and tokenization functionality. Some tools also limit drill-down access to the underlying data. These features enable data stewards and other users to profile their data and assess their data quality without ever seeing the data and, thereby, potentially compromising data security. Conclusion Data governance and enterprise data management are key to the future competitiveness and sustainability of enterprises. The benefits of data governance and enterprise data management span areas such as cyber security, marketing, sales, strategy, finance, compliance and audit, and, from an operational perspective, business intelligence, reporting and analytics. This article outlined some benefits of the relationship between cyber security, enterprise data management and data governance. Knowing the relationship between data governance and cyber security, enterprises need to ask if their enterprise data are consistently governed under a single umbrella. If not, an enterprise could have inconsistent and even contradictory policies deployed across the enterprise, which introduces new risk. Good corporate governance requires new risk to be recognized and documented in the enterprise risk register for board-level visibility. Some data quality tools can automatically infer the classification of data and allow custom classifications to be defined. These features are a natural outcome of the data profiling process, which accesses data stored at defined locations to perform the required data profiling tasks. The classifications, which determine whether data looks like credit card data (PCI), passport data (PII) or even fits a custom classification, can then be integrated into custom reports, enabling the enterprise to identify the location of any data of a given classification for strategic, operational or regulatory purposes. Helping to Identify Sensitive Data Users and Ensuring Consistent Data Access Processes Access to PCI, PII and PHI should be tightly controlled. As a result, business data stewards might lament that data security hampers them from doing their job, such as data profiling to determine data quality, while the data security team might remind data stewards that it is their job to restrict access to sensitive data to protect the data from the risk of misuse. Data governance establishes policies and standards with respect to enterprise data. Given the relationship between data governance and cyber security, these policies and standards can also be used to guide the development of consistent data access processes across silos and across the enterprise. The policies define the principles of access for each diverse user group, and the data security team implements processes to suit each of these policies. Software tools are beginning to provide more of this type of functionality. Helping to Ensure Safer Access to Sensitive Data Data users do not always need to be able to see sensitive data to be able to use the data. This is important, because one of the greatest cyberrisk factors is internal staff, especially those with privileged access to data.15 Data stewards have privileged access, especially when it comes to data profiling. How can the risk of data stewards misusing sensitive data be mitigated? Data users do not always need to be able to see sensitive data to be able to use the data.
ISACA JOURNAL VOL 3 6 ©2017 ISACA. All rights reserved. www.isaca.org 9 Akmeemana, C.; G. Pearce; “Tech-based Cybersecurity Can’t Stop ‘People Risk’,” American Banker, 22 July 2016, https://www. americanbanker.com/opinion/tech-based- cybersecurity-cant-stop-people-risk 10 Rashid, F. Y.; “Why Hackers Want Your Health Care Data Most of All,” InfoWorld, 14 September 2015, www.infoworld.com/ article/2983634/security/why-hackers-want- your-health-care-data-breaches-most-of-all.html 11 PricewaterhouseCoopers, “Managing Cyber Risks in an Interconnected World: Key Findings From the Global State of Information Security Survey 2015,” 30 September 2014, www.pwc. com/gx/en/consulting-services/information- security-survey/assets/the-global-state-of- information-security-survey-2015.pdf 12 Ponemon Institute, “The State of Data Security Intelligence in 2015,” 7 April 2015, www. slideshare.net/informaticacorp/infagraphic- ponemon-state-of-data-centric-security 13 Ibid. 14 Friedman, K.; T. Hunter; J. Halpert; “Canada’s PIPEDA: Consultation Opportunity for Data Breach Reporting Regulations,” 31 May 2016, www.dlapiper.com/en/canada/insights/ publications/2016/05/canadas-pipeda- consultation-opportunity/ 15 Shaw, N.; “It Shouldn’t Matter How Many US Bs Are Lost,” InfoSecurity, 27 January 2016, www.infosecurity-magazine.com/blogs/it- shouldnt-matter-how-many-usbs/ Ultimately, leveraging enterprise data management and data governance outcomes in a cyber security context creates another line of defense for one of the modern enterprise’s most valuable assets with little incremental effort. Endnotes 1 Bank for International Settlements, Trends in Risk Integration and Aggregation, August 2003, www.bis.org/publ/joint07.pdf 2 Bank for International Settlements, Principles for Effective Risk Data Aggregation and Risk Reporting, January 2013, www.bis.org/publ/ bcbs239.pdf 3 Ibid. 4 Ibid. 5 Ibid. 6 Suer, M.; R. Nolan; “Using COBIT® 5 to Deliver Information and Data Governance,” COBIT® Focus, 12 January 2015, www.isaca.org/ cobit/focus/pages/using-cobit-5-to-deliver- information-and-data-governance.aspx 7 DAMA International, “Body of Knowledge,” 2015, www.dama.org/content/body-knowledge 8 Stanford University, “Data Governance at Stanford: A Data Governance Overview,” 19 September 2011, http://web.stanford.edu/ dept/pres-provost/cgi-bin/dg/wordpress/wp- content/uploads/2011/11/DG-News001.pdf

Recommended

Governance and Architecture in Data Integration
Governance and Architecture in Data IntegrationGovernance and Architecture in Data Integration
Governance and Architecture in Data Integration
AnalytiX DS
 
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
AnalytixDataServices
 
Data Management
Data ManagementData Management
Data Management
BashirMutebi1
 
5 Level of MDM Maturity
5 Level of MDM Maturity5 Level of MDM Maturity
5 Level of MDM Maturity
PanaEk Warawit
 
Master data management gfoa
Master data management gfoaMaster data management gfoa
Master data management gfoa
Harry Black
 
Running head organizational information system1 organizational
Running head organizational information system1 organizational Running head organizational information system1 organizational
Running head organizational information system1 organizational
AKHIL969626
 
LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016Anjan Roy, PMP
 
Data quality management
Data quality managementData quality management
Data quality managementselinasimpson0101
 

Recommended

Governance and Architecture in Data Integration
Governance and Architecture in Data IntegrationGovernance and Architecture in Data Integration
Governance and Architecture in Data Integration
AnalytiX DS
 
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
White Paper-1-AnalytiX Mapping Manager-Governance And Architecture In Data In...
AnalytixDataServices
 
Data Management
Data ManagementData Management
Data Management
BashirMutebi1
 
5 Level of MDM Maturity
5 Level of MDM Maturity5 Level of MDM Maturity
5 Level of MDM Maturity
PanaEk Warawit
 
Master data management gfoa
Master data management gfoaMaster data management gfoa
Master data management gfoa
Harry Black
 
Running head organizational information system1 organizational
Running head organizational information system1 organizational Running head organizational information system1 organizational
Running head organizational information system1 organizational
AKHIL969626
 
LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016LS_WhitePaper_NextGenAnalyticsMay2016
LS_WhitePaper_NextGenAnalyticsMay2016Anjan Roy, PMP
 
Data quality management
Data quality managementData quality management
Data quality managementselinasimpson0101
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
Ghullam Murtaza
 
Managing Dirty Data In Organization Using Erp
Managing Dirty Data In Organization Using ErpManaging Dirty Data In Organization Using Erp
Managing Dirty Data In Organization Using ErpDonovan Mulder
 
Successful stewardship Presentation
Successful stewardship PresentationSuccessful stewardship Presentation
Successful stewardship Presentation
Certus Solutions
 
Information Governance
Information GovernanceInformation Governance
Information Governance
Lorne Rogers, ECM-M, PMP [Open Networker]
 
Scenario you have recently been hired as a chief information gov
Scenario you have recently been hired as a chief information govScenario you have recently been hired as a chief information gov
Scenario you have recently been hired as a chief information gov
AKHIL969626
 
Getting Ahead Of The Game: Proactive Data Governance
Getting Ahead Of The Game: Proactive Data GovernanceGetting Ahead Of The Game: Proactive Data Governance
Getting Ahead Of The Game: Proactive Data Governance
Harley Capewell
 
Driving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information ManagementDriving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information Management
Ray Bachert
 
Information Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionInformation Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionCapgemini
 
Reference master data management
Reference master data managementReference master data management
Reference master data management
Dr. Hamdan Al-Sabri
 
Metadata Repositories in Health Care - Master Data Management Approach to Met...
Metadata Repositories in Health Care - Master Data Management Approach to Met...Metadata Repositories in Health Care - Master Data Management Approach to Met...
Metadata Repositories in Health Care - Master Data Management Approach to Met...
Health Informatics New Zealand
 
Data Governance for Enterprises
Data Governance for EnterprisesData Governance for Enterprises
Data Governance for Enterprises
Chaitanya Avasarala
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
David Kearney
 
Information systems, organizations, management, and strategy
Information systems, organizations, management, and strategyInformation systems, organizations, management, and strategy
Information systems, organizations, management, and strategyProf. Othman Alsalloum
 
Analytics Organization Modeling for Maturity Assessment and Strategy Development
Analytics Organization Modeling for Maturity Assessment and Strategy DevelopmentAnalytics Organization Modeling for Maturity Assessment and Strategy Development
Analytics Organization Modeling for Maturity Assessment and Strategy Development
Vijay Raj
 
Oracle Big Data Governance Webcast Charts
Oracle Big Data Governance Webcast ChartsOracle Big Data Governance Webcast Charts
Oracle Big Data Governance Webcast Charts
Jeffrey T. Pollock
 
Data Governance challenges in a major Energy Company
Data Governance challenges in a major Energy CompanyData Governance challenges in a major Energy Company
Data Governance challenges in a major Energy Company
Christopher Bradley
 
Ebook - The Guide to Master Data Management
Ebook - The Guide to Master Data Management Ebook - The Guide to Master Data Management
Ebook - The Guide to Master Data Management
Hazelknight Media & Entertainment Pvt Ltd
 
Chapter 5 data resource management
Chapter 5 data resource managementChapter 5 data resource management
Chapter 5 data resource management
AG RD
 
Master Data Management
Master Data ManagementMaster Data Management
Master Data Management
Sreekanth Narendran
 
task 1
task 1task 1
task 1
BIBEKCHAUDHARYBScHon
 
Data Governance
Data GovernanceData Governance
Data Governance
Axis Technology, LLC
 
Practical Guide to Data Governance Success
Practical Guide to Data Governance SuccessPractical Guide to Data Governance Success
Practical Guide to Data Governance Success
Ample Insight Inc
 

More Related Content

What's hot

Chapter 3
Chapter 3Chapter 3
Chapter 3
Ghullam Murtaza
 
Managing Dirty Data In Organization Using Erp
Managing Dirty Data In Organization Using ErpManaging Dirty Data In Organization Using Erp
Managing Dirty Data In Organization Using ErpDonovan Mulder
 
Successful stewardship Presentation
Successful stewardship PresentationSuccessful stewardship Presentation
Successful stewardship Presentation
Certus Solutions
 
Information Governance
Information GovernanceInformation Governance
Information Governance
Lorne Rogers, ECM-M, PMP [Open Networker]
 
Scenario you have recently been hired as a chief information gov
Scenario you have recently been hired as a chief information govScenario you have recently been hired as a chief information gov
Scenario you have recently been hired as a chief information gov
AKHIL969626
 
Getting Ahead Of The Game: Proactive Data Governance
Getting Ahead Of The Game: Proactive Data GovernanceGetting Ahead Of The Game: Proactive Data Governance
Getting Ahead Of The Game: Proactive Data Governance
Harley Capewell
 
Driving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information ManagementDriving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information Management
Ray Bachert
 
Information Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionInformation Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionCapgemini
 
Reference master data management
Reference master data managementReference master data management
Reference master data management
Dr. Hamdan Al-Sabri
 
Metadata Repositories in Health Care - Master Data Management Approach to Met...
Metadata Repositories in Health Care - Master Data Management Approach to Met...Metadata Repositories in Health Care - Master Data Management Approach to Met...
Metadata Repositories in Health Care - Master Data Management Approach to Met...
Health Informatics New Zealand
 
Data Governance for Enterprises
Data Governance for EnterprisesData Governance for Enterprises
Data Governance for Enterprises
Chaitanya Avasarala
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
David Kearney
 
Information systems, organizations, management, and strategy
Information systems, organizations, management, and strategyInformation systems, organizations, management, and strategy
Information systems, organizations, management, and strategyProf. Othman Alsalloum
 
Analytics Organization Modeling for Maturity Assessment and Strategy Development
Analytics Organization Modeling for Maturity Assessment and Strategy DevelopmentAnalytics Organization Modeling for Maturity Assessment and Strategy Development
Analytics Organization Modeling for Maturity Assessment and Strategy Development
Vijay Raj
 
Oracle Big Data Governance Webcast Charts
Oracle Big Data Governance Webcast ChartsOracle Big Data Governance Webcast Charts
Oracle Big Data Governance Webcast Charts
Jeffrey T. Pollock
 
Data Governance challenges in a major Energy Company
Data Governance challenges in a major Energy CompanyData Governance challenges in a major Energy Company
Data Governance challenges in a major Energy Company
Christopher Bradley
 
Ebook - The Guide to Master Data Management
Ebook - The Guide to Master Data Management Ebook - The Guide to Master Data Management
Ebook - The Guide to Master Data Management
Hazelknight Media & Entertainment Pvt Ltd
 
Chapter 5 data resource management
Chapter 5 data resource managementChapter 5 data resource management
Chapter 5 data resource management
AG RD
 
Master Data Management
Master Data ManagementMaster Data Management
Master Data Management
Sreekanth Narendran
 

What's hot (20)

Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Managing Dirty Data In Organization Using Erp
Managing Dirty Data In Organization Using ErpManaging Dirty Data In Organization Using Erp
Managing Dirty Data In Organization Using Erp
 
Successful stewardship Presentation
Successful stewardship PresentationSuccessful stewardship Presentation
Successful stewardship Presentation
 
Information Governance
Information GovernanceInformation Governance
Information Governance
 
Scenario you have recently been hired as a chief information gov
Scenario you have recently been hired as a chief information govScenario you have recently been hired as a chief information gov
Scenario you have recently been hired as a chief information gov
 
Getting Ahead Of The Game: Proactive Data Governance
Getting Ahead Of The Game: Proactive Data GovernanceGetting Ahead Of The Game: Proactive Data Governance
Getting Ahead Of The Game: Proactive Data Governance
 
Driving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information ManagementDriving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information Management
 
Information Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer SatisfactionInformation Governance: Reducing Costs and Increasing Customer Satisfaction
Information Governance: Reducing Costs and Increasing Customer Satisfaction
 
Reference master data management
Reference master data managementReference master data management
Reference master data management
 
Metadata Repositories in Health Care - Master Data Management Approach to Met...
Metadata Repositories in Health Care - Master Data Management Approach to Met...Metadata Repositories in Health Care - Master Data Management Approach to Met...
Metadata Repositories in Health Care - Master Data Management Approach to Met...
 
Data Governance for Enterprises
Data Governance for EnterprisesData Governance for Enterprises
Data Governance for Enterprises
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
 
Information systems, organizations, management, and strategy
Information systems, organizations, management, and strategyInformation systems, organizations, management, and strategy
Information systems, organizations, management, and strategy
 
Analytics Organization Modeling for Maturity Assessment and Strategy Development
Analytics Organization Modeling for Maturity Assessment and Strategy DevelopmentAnalytics Organization Modeling for Maturity Assessment and Strategy Development
Analytics Organization Modeling for Maturity Assessment and Strategy Development
 
Oracle Big Data Governance Webcast Charts
Oracle Big Data Governance Webcast ChartsOracle Big Data Governance Webcast Charts
Oracle Big Data Governance Webcast Charts
 
Data Governance challenges in a major Energy Company
Data Governance challenges in a major Energy CompanyData Governance challenges in a major Energy Company
Data Governance challenges in a major Energy Company
 
Ebook - The Guide to Master Data Management
Ebook - The Guide to Master Data Management Ebook - The Guide to Master Data Management
Ebook - The Guide to Master Data Management
 
Chapter 5 data resource management
Chapter 5 data resource managementChapter 5 data resource management
Chapter 5 data resource management
 
Master Data Management
Master Data ManagementMaster Data Management
Master Data Management
 
task 1
task 1task 1
task 1
 

Similar to Boosting Cybersecurity with Data Governance (peer reviewed)

Data Governance
Data GovernanceData Governance
Data Governance
Axis Technology, LLC
 
Practical Guide to Data Governance Success
Practical Guide to Data Governance SuccessPractical Guide to Data Governance Success
Practical Guide to Data Governance Success
Ample Insight Inc
 
Why data governance is the new buzz?
Why data governance is the new buzz?Why data governance is the new buzz?
Why data governance is the new buzz?
Aachen Data & AI Meetup
 
Developing A Universal Approach to Cleansing Customer and Product Data
Developing A Universal Approach to Cleansing Customer and Product DataDeveloping A Universal Approach to Cleansing Customer and Product Data
Developing A Universal Approach to Cleansing Customer and Product Data
FindWhitePapers
 
Qlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipeline
Qlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipelineQlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipeline
Qlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipeline
Srikanth Sharma Boddupalli
 
Reference data management in financial services industry
Reference data management in financial services industryReference data management in financial services industry
Reference data management in financial services industry
NIIT Technologies
 
Data quality management system
Data quality management systemData quality management system
Data quality management systemselinasimpson361
 
Data Management Best Practices
Data Management Best PracticesData Management Best Practices
Data Management Best Practices
DATAVERSITY
 
Importance of Data Governance
Importance of Data GovernanceImportance of Data Governance
Importance of Data Governance
HTS Hosting
 
Information governance presentation
Information governance presentationInformation governance presentation
Information governance presentation
Igor Swann
 
Data quality management best practices
Data quality management best practicesData quality management best practices
Data quality management best practicesselinasimpson2201
 
data collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptxdata collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptx
Sourabhkumar729579
 
oracle-data-governance-wp.pdf
oracle-data-governance-wp.pdforacle-data-governance-wp.pdf
oracle-data-governance-wp.pdf
aliramezani30
 
Quality management best practices
Quality management best practicesQuality management best practices
Quality management best practicesselinasimpson2201
 
Data Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachData Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step Approach
FindWhitePapers
 
big data.pptx
big data.pptxbig data.pptx
big data.pptx
VirajSaud
 
Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...
The Economist Media Businesses
 
eCommerce Product Data Governance: Why Does It Matter?
eCommerce Product Data Governance: Why Does It Matter?eCommerce Product Data Governance: Why Does It Matter?
eCommerce Product Data Governance: Why Does It Matter?
Arnav Malhotra
 

Similar to Boosting Cybersecurity with Data Governance (peer reviewed) (20)

Data Governance
Data GovernanceData Governance
Data Governance
 
Practical Guide to Data Governance Success
Practical Guide to Data Governance SuccessPractical Guide to Data Governance Success
Practical Guide to Data Governance Success
 
Why data governance is the new buzz?
Why data governance is the new buzz?Why data governance is the new buzz?
Why data governance is the new buzz?
 
Developing A Universal Approach to Cleansing Customer and Product Data
Developing A Universal Approach to Cleansing Customer and Product DataDeveloping A Universal Approach to Cleansing Customer and Product Data
Developing A Universal Approach to Cleansing Customer and Product Data
 
Qlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipeline
Qlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipelineQlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipeline
Qlik wp 2021_q3_data_governance_in_the_modern_data_analytics_pipeline
 
Reference data management in financial services industry
Reference data management in financial services industryReference data management in financial services industry
Reference data management in financial services industry
 
Bad customer data?
Bad customer data?Bad customer data?
Bad customer data?
 
Data quality management system
Data quality management systemData quality management system
Data quality management system
 
Data Management Best Practices
Data Management Best PracticesData Management Best Practices
Data Management Best Practices
 
Importance of Data Governance
Importance of Data GovernanceImportance of Data Governance
Importance of Data Governance
 
Information governance presentation
Information governance presentationInformation governance presentation
Information governance presentation
 
Data quality management best practices
Data quality management best practicesData quality management best practices
Data quality management best practices
 
data collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptxdata collection, data integration, data management, data modeling.pptx
data collection, data integration, data management, data modeling.pptx
 
oracle-data-governance-wp.pdf
oracle-data-governance-wp.pdforacle-data-governance-wp.pdf
oracle-data-governance-wp.pdf
 
Quality management best practices
Quality management best practicesQuality management best practices
Quality management best practices
 
Data Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step ApproachData Quality Strategy: A Step-by-Step Approach
Data Quality Strategy: A Step-by-Step Approach
 
3 data mgmt
3 data mgmt3 data mgmt
3 data mgmt
 
big data.pptx
big data.pptxbig data.pptx
big data.pptx
 
Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...
 
eCommerce Product Data Governance: Why Does It Matter?
eCommerce Product Data Governance: Why Does It Matter?eCommerce Product Data Governance: Why Does It Matter?
eCommerce Product Data Governance: Why Does It Matter?
 

More from Guy Pearce

Governance: The key to effecting successful Digital Transformation
Governance: The key to effecting successful Digital TransformationGovernance: The key to effecting successful Digital Transformation
Governance: The key to effecting successful Digital Transformation
Guy Pearce
 
Closing the gap between innovation intent and reality (corporate governance)
Closing the gap between innovation intent and reality (corporate governance)Closing the gap between innovation intent and reality (corporate governance)
Closing the gap between innovation intent and reality (corporate governance)
Guy Pearce
 
Cybersecurity: Whose job is it anyway?
Cybersecurity: Whose job is it anyway?Cybersecurity: Whose job is it anyway?
Cybersecurity: Whose job is it anyway?
Guy Pearce
 
Leading enterprise-scale big data business outcomes
Leading enterprise-scale big data business outcomesLeading enterprise-scale big data business outcomes
Leading enterprise-scale big data business outcomes
Guy Pearce
 
Big data governance as a corporate governance imperative
Big data governance as a corporate governance imperativeBig data governance as a corporate governance imperative
Big data governance as a corporate governance imperative
Guy Pearce
 
Creating $100 million from Big Data Analytics in Banking
Creating $100 million from Big Data Analytics in BankingCreating $100 million from Big Data Analytics in Banking
Creating $100 million from Big Data Analytics in Banking
Guy Pearce
 
Branding In Banking And Finance 2011
Branding In Banking And Finance 2011Branding In Banking And Finance 2011
Branding In Banking And Finance 2011
Guy Pearce
 
African Retail Banking Opportunities In The Brics And (1)
African Retail Banking Opportunities In The Brics And (1)African Retail Banking Opportunities In The Brics And (1)
African Retail Banking Opportunities In The Brics And (1)
Guy Pearce
 
The relationship marketing advantage, ICSB Halifax, Canada, 2008
The relationship marketing advantage, ICSB Halifax, Canada, 2008The relationship marketing advantage, ICSB Halifax, Canada, 2008
The relationship marketing advantage, ICSB Halifax, Canada, 2008
Guy Pearce
 
Marketing Science Conference on the SME use of banking products, Vancouver 2008
Marketing Science Conference on the SME use of banking products, Vancouver 2008 Marketing Science Conference on the SME use of banking products, Vancouver 2008
Marketing Science Conference on the SME use of banking products, Vancouver 2008
Guy Pearce
 
Academy of Marketing International Conference On Brand Management, Birmingham...
Academy of Marketing International Conference On Brand Management, Birmingham...Academy of Marketing International Conference On Brand Management, Birmingham...
Academy of Marketing International Conference On Brand Management, Birmingham...
Guy Pearce
 
Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...
Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...
Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...
Guy Pearce
 

More from Guy Pearce (12)

Governance: The key to effecting successful Digital Transformation
Governance: The key to effecting successful Digital TransformationGovernance: The key to effecting successful Digital Transformation
Governance: The key to effecting successful Digital Transformation
 
Closing the gap between innovation intent and reality (corporate governance)
Closing the gap between innovation intent and reality (corporate governance)Closing the gap between innovation intent and reality (corporate governance)
Closing the gap between innovation intent and reality (corporate governance)
 
Cybersecurity: Whose job is it anyway?
Cybersecurity: Whose job is it anyway?Cybersecurity: Whose job is it anyway?
Cybersecurity: Whose job is it anyway?
 
Leading enterprise-scale big data business outcomes
Leading enterprise-scale big data business outcomesLeading enterprise-scale big data business outcomes
Leading enterprise-scale big data business outcomes
 
Big data governance as a corporate governance imperative
Big data governance as a corporate governance imperativeBig data governance as a corporate governance imperative
Big data governance as a corporate governance imperative
 
Creating $100 million from Big Data Analytics in Banking
Creating $100 million from Big Data Analytics in BankingCreating $100 million from Big Data Analytics in Banking
Creating $100 million from Big Data Analytics in Banking
 
Branding In Banking And Finance 2011
Branding In Banking And Finance 2011Branding In Banking And Finance 2011
Branding In Banking And Finance 2011
 
African Retail Banking Opportunities In The Brics And (1)
African Retail Banking Opportunities In The Brics And (1)African Retail Banking Opportunities In The Brics And (1)
African Retail Banking Opportunities In The Brics And (1)
 
The relationship marketing advantage, ICSB Halifax, Canada, 2008
The relationship marketing advantage, ICSB Halifax, Canada, 2008The relationship marketing advantage, ICSB Halifax, Canada, 2008
The relationship marketing advantage, ICSB Halifax, Canada, 2008
 
Marketing Science Conference on the SME use of banking products, Vancouver 2008
Marketing Science Conference on the SME use of banking products, Vancouver 2008 Marketing Science Conference on the SME use of banking products, Vancouver 2008
Marketing Science Conference on the SME use of banking products, Vancouver 2008
 
Academy of Marketing International Conference On Brand Management, Birmingham...
Academy of Marketing International Conference On Brand Management, Birmingham...Academy of Marketing International Conference On Brand Management, Birmingham...
Academy of Marketing International Conference On Brand Management, Birmingham...
 
Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...
Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...
Emerging Market SME Turnaround in a Recession: Theory and Practice. Cincinnat...
 

Recently uploaded

Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Subhajit Sahu
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP
 
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
ahzuo
 
Influence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business PlanInfluence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business Plan
jerlynmaetalle
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
ahzuo
 
Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)
TravisMalana
 
原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样
原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样
原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样
u86oixdj
 
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
u86oixdj
 
Data_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptx
Data_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptxData_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptx
Data_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptx
AnirbanRoy608946
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Subhajit Sahu
 
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
slg6lamcq
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
ewymefz
 
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
oz8q3jxlp
 
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
v3tuleee
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
AbhimanyuSinha9
 
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
Timothy Spann
 
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
NABLAS株式会社
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
John Andrews
 
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
mbawufebxi
 

Recently uploaded (20)

Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
Algorithmic optimizations for Dynamic Levelwise PageRank (from STICD) : SHORT...
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
Criminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdfCriminal IP - Threat Hunting Webinar.pdf
Criminal IP - Threat Hunting Webinar.pdf
 
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
一比一原版(CBU毕业证)卡普顿大学毕业证如何办理
 
Influence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business PlanInfluence of Marketing Strategy and Market Competition on Business Plan
Influence of Marketing Strategy and Market Competition on Business Plan
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证如何办理
 
Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)Malana- Gimlet Market Analysis (Portfolio 2)
Malana- Gimlet Market Analysis (Portfolio 2)
 
原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样
原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样
原版制作(swinburne毕业证书)斯威本科技大学毕业证毕业完成信一模一样
 
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
原版制作(Deakin毕业证书)迪肯大学毕业证学位证一模一样
 
Data_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptx
Data_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptxData_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptx
Data_and_Analytics_Essentials_Architect_an_Analytics_Platform.pptx
 
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ...
 
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证书)阿德莱德大学毕业证如何办理
 
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
一比一原版(UofM毕业证)明尼苏达大学毕业证成绩单
 
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
一比一原版(Deakin毕业证书)迪肯大学毕业证如何办理
 
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理一比一原版(UofS毕业证书)萨省大学毕业证如何办理
一比一原版(UofS毕业证书)萨省大学毕业证如何办理
 
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...Best best suvichar in gujarati english meaning of this sentence as Silk road ...
Best best suvichar in gujarati english meaning of this sentence as Silk road ...
 
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Dat...
 
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
【社内勉強会資料_Octo: An Open-Source Generalist Robot Policy】
 
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...
 
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
一比一原版(Bradford毕业证书)布拉德福德大学毕业证如何办理
 

Boosting Cybersecurity with Data Governance (peer reviewed)

  • 1. ISACA JOURNAL VOL 3 1 ©2017 ISACA. All rights reserved. www.isaca.org featurefeature Regulators Are Driving Activities In a joint sitting of the Basel Committee on Banking Supervision (BCBS), the International Organization of Securities Commissions (IOSCO) and the International Association of Insurance Supervisors (IAIS), regulators recognized the need for better data quality.1 Banks were at the forefront of the new regulatory requirements for enterprise data management via the Basel BCBS 239, which was introduced in 2013.2 BCBS 239 addressed the poor quality of reports that were submitted to regulators during the height of the global financial crisis and outlined the need for: • Metadata, single identifiers and unified naming conventions for data. The latter two items are concerned with enterprise master and reference data management and are generally referred to as MDM.3 • Established roles and responsibilities in the enterprise—the data stewardship organization— with respect to managing enterprise data4 • Specific measures of data quality5 BCBS 239 gave rise to the creation of new bank departments and has been a driver of the chief data officer (CDO) role to head the department, often with a board or chief executive officer (CEO) mandate to meet these regulatory requirements. Although different in formality, structure and interpretation, the CDO’s scope includes data governance, data stewardship and enterprise data management. Considering the original joint sitting of Basel (banking industry), IAIS (insurance industry) and IOSCO (securities industry), similar regulations could apply to insurance and securities enterprises, too. The relationship between cyber security and the regulatory requirements for data governance, data stewardship and enterprise data management is set to strengthen. Enterprise data management (EDM), data stewardship and data governance are concerned with the what, who and how of managing the enterprise data asset, respectively: • Enterprise data management (the what)— Enabling the business to make the most of its data asset, supported by suitable tools and processes. EDM objectives include measuring data quality (and attesting to data and report quality); ensuring that reference data, e.g., product codes, are accurate (master data management); and ensuring that business has the same understanding of various business terms (metadata). • Data stewardship (the who)—Identifying the people/positions involved in EDM within the business and ensuring the formal definition of their responsibilities and accountabilities. A data steward may need to measure the quality of a data element each month to support regulatory reporting; data stewardship formalizes these responsibilities and accountabilities. • Data governance (the how)—Establishing, monitoring and sometimes enforcing policies, procedures, standards and guidelines that are related to the overall management of enterprise data, with the goal of sustainably ensuring data availability, usability and security. Data governance activities provide direction and structure to data stewardship and enterprise data management activities. Boosting Cyber Security With Data Governance and Enterprise Data Management Guy Pearce Is managing partner of REData Performance Consulting, which specializes in integrating data, governance, strategy, risk management and IT to produce auditable, data-driven value for enterprises and their customers. Pearce has served on the boards of directors of private and public companies in the banking, financial services and retail industries over the past decade and on their finance, risk, audit, credit, and information and communications technology committees. Pearce can be reached at pearcegf@gmail.com.
  • 2. ISACA JOURNAL VOL 3 2 ©2017 ISACA. All rights reserved. www.isaca.org action, and the latter can result in unexpected and undesirable business outcomes that can, in turn, incur reputational and other risk for the enterprise. Note that beyond absolute data quality, an enterprise should also know how well data that are copied by the enterprise from a production data source downstream into, for example, a data warehouse or data lake, remain accurate. Organizations need to know that this copy—facilitating organizational reporting and analytics—accurately reflects the production data. This example describes relative data quality that is assessed by means of data transport validation processes. Regulators are interested in absolute and relative data quality. Positive Outcomes for Regulators and Data Users Data quality processes enable users to know if a report can be trusted. For example, which report in figure 1 is more trustworthy? Report A is certified across four data-quality dimensions—accuracy, integrity, completeness and timeliness—providing assurance of its trustworthiness. Report B has unknown quality and is unqualified, which is typical of most business reports. The same matter applies to those enterprises that leverage analytics for enhanced business insights. If one set of insights is quality certified and another one is not certified, the former is more reliable to Figure 1—Data Quality Comparison of Report A and Report B Source: G. Pearce. Reprinted with permission. A B Statement of cash flow Balance sheet Income statement Accuracy Integrity Completeness Timelines Accuracy (unknown) Integrity (unknown) Completeness (unknown) Timelines (unknown) Statement of cash flow Balance sheet Income statement A B Statement of cash flow Balance sheet Income statement Accuracy Integrity Completeness Timelines Accuracy (unknown) Integrity (unknown) Completeness (unknown) Timelines (unknown) Statement of cash flow Balance sheet Income statement
  • 3. ISACA JOURNAL VOL 3 3 ©2017 ISACA. All rights reserved. www.isaca.org Good Cyber Security Deploys Multiple Lines of Defense Cyber security strategies should create several lines of defense against attackers. One such line of cyberdefense is technology, e.g., for malware, viruses and hackers. For some enterprises, this is the only line of defense, which, unfortunately, still leaves the enterprise exposed to residual cyberrisk. Another line of defense is ensuring that staff members are formally made aware of the risk that is associated with data and that they act according to defined data governance policies when handling enterprise data. Yet another example is third-party due diligence, in which data governance establishes the cyber security expectations of third parties. Corporate governance—the board of directors’ job—is the line of defense that looks at business culture, beginning with setting the right tone about risk at the very top of the enterprise.9 Four Ways Data Governance and Enterprise Data Management Boost Cyber Security Data governance and enterprise data management augment the various lines of defense for data at risk. Data at risk are data that, if they were to fall into unauthorized hands, would compromise an enterprise and/or its customers. Identifying data at risk is a key activity, because securing all data is an impossible and very costly task for most enterprises. Data governance and enterprise data management boost cyber security in four ways. Helping to Identify Data at Risk Enterprise data management tools have made identifying sensitive data easier. Personally identifiable information (PII) (e.g., contact details, payment card industry [PCI] data, credit card details) and protected health information (PHI) (e.g., data containing individual medical records) constitute sensitive data. Enterprise data Relating Data Security, Governance, Stewardship and Quality Data governance embraces all that data impact and that impacts data. For example, COBIT® 5 sees data governance as overseeing information custodianship and information security,6 and the Data Management Association (DAMA) International places data governance at the hub of nine categories, including data quality, metadata and data security.7 There is also an overlap between data security, data quality, data governance and data stewardship8 (figure 2), specifically from the enterprise perspective. Figure 2—Relationship Between Data Governance, Data Stewardship, Enterprise Data Management and Data Security Source: G. Pearce. Reprinted with permission. Incremental enterprise risk is introduced if the four categories in figure 2 are inconsistent for any reason. The matter of organizational data management maturity comes to the forefront in plans to sustainably resolve such inconsistencies. Data Governance Data Stewardship Enterprise Data Management Data Security Enjoying this article? • Learn more about, discuss and collaborate on cybersecurity in the Knowledge Center. www.isaca.org/ cybersecurity-topic
  • 4. ISACA JOURNAL VOL 3 4 ©2017 ISACA. All rights reserved. www.isaca.org • Perform transaction log analysis • Perform business process analysis and audits • Analyze job descriptions (data-intensive roles) • Perform application audits (e.g., identify tools permitting sensitive data drill downs) • Analyze data models, including areas of data duplication and data redundancy (data life cycle management). Helping to Locate Sensitive Data Heading the list of things that keep senior executives up at night is “not knowing where sensitive data reside.”12 Fifty percent of information security professionals worry that they do not understand the full extent of the data risk of their enterprise.13 Not knowing the location of enterprise sensitive data hampers the ability to identify enterprise data at risk, thereby compromising the enterprise’s ability to design an effective cyber security strategy. Not knowing the location also hampers the ability of the enterprise to rapidly and properly respond to a data breach, which is an existing and emerging regulatory requirement in many jurisdictions and can result in significant fines and penalties.14 management tools can also help with identifying other data categories that the enterprise defines as sensitive. A breach of sensitive data is the cause of most reputation and financial risk for enterprises. Hackers largely desire sensitive identity data (PII and PHI) because they have a longer shelf-life than financial data (PCI and other). Financial data are only useful to the hacker for as long as it takes the victim to inform the bank of stolen credentials.10 With PII and PHI data, crimes can be committed in a victim’s name for weeks, months or longer before anyone notices, with life-changing consequences for those affected. The enterprise also needs to know who in the organization is using the sensitive data, the location of the data and how the data flow through the enterprise. The enterprise’s data stewardship component can facilitate the identification of who has access to which data, helping to mitigate the risk of people being the biggest cause of information security incidents.11 Enterprise data management tools can also facilitate identifying data location and how they flow through the enterprise (data lineage). Other ways of identifying data at risk are to: • Analyze data flows • Review enterprise access rights Fifty percent of information security professionals worry that they do not understand the full extent of the data risk of their enterprise.
  • 5. ISACA JOURNAL VOL 3 5 ©2017 ISACA. All rights reserved. www.isaca.org Modern data quality tools address this access risk by providing masking and tokenization functionality. Some tools also limit drill-down access to the underlying data. These features enable data stewards and other users to profile their data and assess their data quality without ever seeing the data and, thereby, potentially compromising data security. Conclusion Data governance and enterprise data management are key to the future competitiveness and sustainability of enterprises. The benefits of data governance and enterprise data management span areas such as cyber security, marketing, sales, strategy, finance, compliance and audit, and, from an operational perspective, business intelligence, reporting and analytics. This article outlined some benefits of the relationship between cyber security, enterprise data management and data governance. Knowing the relationship between data governance and cyber security, enterprises need to ask if their enterprise data are consistently governed under a single umbrella. If not, an enterprise could have inconsistent and even contradictory policies deployed across the enterprise, which introduces new risk. Good corporate governance requires new risk to be recognized and documented in the enterprise risk register for board-level visibility. Some data quality tools can automatically infer the classification of data and allow custom classifications to be defined. These features are a natural outcome of the data profiling process, which accesses data stored at defined locations to perform the required data profiling tasks. The classifications, which determine whether data looks like credit card data (PCI), passport data (PII) or even fits a custom classification, can then be integrated into custom reports, enabling the enterprise to identify the location of any data of a given classification for strategic, operational or regulatory purposes. Helping to Identify Sensitive Data Users and Ensuring Consistent Data Access Processes Access to PCI, PII and PHI should be tightly controlled. As a result, business data stewards might lament that data security hampers them from doing their job, such as data profiling to determine data quality, while the data security team might remind data stewards that it is their job to restrict access to sensitive data to protect the data from the risk of misuse. Data governance establishes policies and standards with respect to enterprise data. Given the relationship between data governance and cyber security, these policies and standards can also be used to guide the development of consistent data access processes across silos and across the enterprise. The policies define the principles of access for each diverse user group, and the data security team implements processes to suit each of these policies. Software tools are beginning to provide more of this type of functionality. Helping to Ensure Safer Access to Sensitive Data Data users do not always need to be able to see sensitive data to be able to use the data. This is important, because one of the greatest cyberrisk factors is internal staff, especially those with privileged access to data.15 Data stewards have privileged access, especially when it comes to data profiling. How can the risk of data stewards misusing sensitive data be mitigated? Data users do not always need to be able to see sensitive data to be able to use the data.
  • 6. ISACA JOURNAL VOL 3 6 ©2017 ISACA. All rights reserved. www.isaca.org 9 Akmeemana, C.; G. Pearce; “Tech-based Cybersecurity Can’t Stop ‘People Risk’,” American Banker, 22 July 2016, https://www. americanbanker.com/opinion/tech-based- cybersecurity-cant-stop-people-risk 10 Rashid, F. Y.; “Why Hackers Want Your Health Care Data Most of All,” InfoWorld, 14 September 2015, www.infoworld.com/ article/2983634/security/why-hackers-want- your-health-care-data-breaches-most-of-all.html 11 PricewaterhouseCoopers, “Managing Cyber Risks in an Interconnected World: Key Findings From the Global State of Information Security Survey 2015,” 30 September 2014, www.pwc. com/gx/en/consulting-services/information- security-survey/assets/the-global-state-of- information-security-survey-2015.pdf 12 Ponemon Institute, “The State of Data Security Intelligence in 2015,” 7 April 2015, www. slideshare.net/informaticacorp/infagraphic- ponemon-state-of-data-centric-security 13 Ibid. 14 Friedman, K.; T. Hunter; J. Halpert; “Canada’s PIPEDA: Consultation Opportunity for Data Breach Reporting Regulations,” 31 May 2016, www.dlapiper.com/en/canada/insights/ publications/2016/05/canadas-pipeda- consultation-opportunity/ 15 Shaw, N.; “It Shouldn’t Matter How Many US Bs Are Lost,” InfoSecurity, 27 January 2016, www.infosecurity-magazine.com/blogs/it- shouldnt-matter-how-many-usbs/ Ultimately, leveraging enterprise data management and data governance outcomes in a cyber security context creates another line of defense for one of the modern enterprise’s most valuable assets with little incremental effort. Endnotes 1 Bank for International Settlements, Trends in Risk Integration and Aggregation, August 2003, www.bis.org/publ/joint07.pdf 2 Bank for International Settlements, Principles for Effective Risk Data Aggregation and Risk Reporting, January 2013, www.bis.org/publ/ bcbs239.pdf 3 Ibid. 4 Ibid. 5 Ibid. 6 Suer, M.; R. Nolan; “Using COBIT® 5 to Deliver Information and Data Governance,” COBIT® Focus, 12 January 2015, www.isaca.org/ cobit/focus/pages/using-cobit-5-to-deliver- information-and-data-governance.aspx 7 DAMA International, “Body of Knowledge,” 2015, www.dama.org/content/body-knowledge 8 Stanford University, “Data Governance at Stanford: A Data Governance Overview,” 19 September 2011, http://web.stanford.edu/ dept/pres-provost/cgi-bin/dg/wordpress/wp- content/uploads/2011/11/DG-News001.pdf