One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1422057 |
| Date de publication | 2019-10-23 13:00:00 (vue: 2019-10-23 16:06:42) |
| Titre | Data Governance….at the heart of security, privacy, and risk |
| Texte | Security, privacy, and risk does not have to be scary… but with GDPR, CCPA, and organizations moving to a risk-based approach to security rather than focusing on only compliance, it has become a daunting challenge. What is typically at the heart of organizations? Data and information. The common denominator that makes security, privacy and risk more effective and dare I say, easier?….data governance. What is data governance? Data governance is the capability within an organization to help provide for and protect for high quality data throughout the lifecycle of that data. This includes data integrity, data security, availability, and consistency. Data governance includes people, processes, and technology that help enable appropriate handling of the data across the organization. Data governance program policies include: Delineating accountability for those responsible for data and data assets Assigning responsibility to appropriate levels in the organization for managing and protecting the data Determining who can take what actions, with what data, under what circumstances, using what methods (see Data Governance Institute for details.) Identifying safeguards to protect data Providing integrity controls to provide for the quality and accuracy of data How does data governance help with privacy management? You have to know what data you have, where it is, how it is used, and who it is shared with to comply with applicable privacy regulations, and have the processes to obtain appropriate consents, access and delete it. Privacy regulations are basically a business case for data governance. Imagine if organizations had already done extensive data mapping exercises prior to GDPR? Imagine if they knew where, why, what, and how about the data prior to GDPR being passed? The transition to GDPR would have been far less painful. How does data governance help cybersecurity? In order to protect against threats, organizations need to know what data to protect and how to help keep it protected.. Information protection is at the core of security, but how can you protect it if you do not know what data you have, where your data is, how it is used, who it is shared with (and how it is shared)? Businesses can no longer have perimeter protections in place and call it a day….the perimeter has expanded to suppliers, cloud vendors, partners, and so on. So managing your data in a structured, responsible, and law-abiding way will make it more efficient for security professionals to protect it. How does data governance help an organization manage information risk? You need to know the most sensitive and critical data to your organization – your most valuable information - so that you can allocate more resources to protecting that data. No organization will be 100% secure and very few organizations have unlimited resources – people and financial – to implement, operate, and improve cybersecurity measures. Therefore, businesses must take a risk-based approach and focus on the most sensitive data assets. Times are changing. Is it easy to design and implement a data governance program? No, or organizations would have them in place today. However, given the privacy regulations, the evolving threat landscape, the age of digitization, and the expanding organizational boundaries, data governance is no longer a choice for organizations that need quality data, protected from cybercriminals, and in compliance with data protection laws. |
| Envoyé | Oui |
| Condensat | sensitive 100 abiding about access accountability accuracy across actions against age allocate already applicable approach appropriate are assets assigning availability based basically become been being boundaries business businesses but call can capability case ccpa challenge changing choice circumstances cloud common compliance comply consents consistency controls core critical cybercriminals cybersecurity dare data daunting day… delete delineating denominator design details determining digitization does done easier easy effective efficient enable evolving exercises expanded expanding extensive far financial focus focusing from gdpr given governance governance… had handling has have heart help high how however identifying imagine implement improve include: includes information institute integrity keep knew know landscape law laws less levels lifecycle longer make makes manage management managing mapping measures methods more most moving must need not obtain only operate order organization organizational organizations painful partners passed people perimeter place policies prior privacy processes professionals program protect protected protecting protection protections provide providing quality rather regulations resources responsibility responsible risk safeguards say scary… secure security see sensitive shared structured suppliers take technology than them therefore those threat threats throughout times today transition typically under unlimited used using valuable vendors very way what where who why will within would your |
| Tags | Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.