Data Governance….at the heart of security, privacy, and risk

October 23, 2019 | Carisa Brockman

Security, privacy, and risk do not have to be scary. But with GDPR, CCPA, and organizations moving to a risk-based approach to security rather than focusing only on compliance, they have become a daunting challenge. What is typically at the heart of organizations? Data and information. The common denominator that makes security, privacy and risk more effective and, dare I say, easier? Data governance.

What is data governance?

Data governance is an organization's capability to provide and protect high-quality data throughout that data's lifecycle. This includes data integrity, data security, availability, and consistency. Data governance includes the people, processes, and technology that enable appropriate handling of data across the organization. Data governance program policies include:

  • Delineating accountability for those responsible for data and data assets
  • Assigning responsibility for managing and protecting the data to the appropriate levels in the organization
  • Determining who can take what actions, with what data, under what circumstances, using what methods (see the Data Governance Institute for details)
  • Identifying safeguards to protect data
  • Providing integrity controls that ensure the quality and accuracy of data

How does data governance help with privacy management?

To comply with applicable privacy regulations, you have to know what data you have, where it is, how it is used, and who it is shared with, and you have to have processes in place to obtain appropriate consents and to access and delete that data. Privacy regulations are basically a business case for data governance. Imagine if organizations had already done extensive data mapping exercises prior to GDPR. Imagine if they had known the where, why, what, and how of their data before GDPR was passed. The transition to GDPR would have been far less painful.

How does data governance help cybersecurity?

In order to protect against threats, organizations need to know what data to protect and how to keep it protected. Information protection is at the core of security, but how can you protect information if you do not know what data you have, where it is, how it is used, and who it is shared with (and how it is shared)? Businesses can no longer put perimeter protections in place and call it a day. The perimeter has expanded to suppliers, cloud vendors, partners, and so on. Managing your data in a structured, responsible, and law-abiding way therefore makes it more efficient for security professionals to protect it.

How does data governance help an organization manage information risk?  

You need to know which data is most sensitive and critical to your organization, your most valuable information, so that you can allocate more resources to protecting it. No organization will be 100% secure, and very few organizations have unlimited resources, people or financial, to implement, operate, and improve cybersecurity measures. Therefore, businesses must take a risk-based approach and focus on the most sensitive data assets.

Times are changing. Is it easy to design and implement a data governance program? No, or organizations would already have them in place today. However, given the privacy regulations, the evolving threat landscape, the age of digitization, and expanding organizational boundaries, data governance is no longer optional for organizations that need quality data that is protected from cybercriminals and compliant with data protection laws.


About the Author: Carisa Brockman

Carisa has worked as part of the AT&T family for over 18 years (through acquisitions). She is well-versed in business management practices and has focused on strategic planning, information risk management, compliance management, enterprise policy management, cross-functional process design and management, consolidation and integration of enterprise security functions, and organizational effectiveness.

Carisa joined AT&T Consulting via the acquisition of VeriSign Global Security Consulting, where she served as a Senior Manager. Prior to VeriSign, Carisa worked at the Minnesota Department of Human Services in IT Security.

Today, as part of AT&T Consulting, Carisa leads the Governance, Risk, and Compliance Security Consulting Practice. She is responsible for providing strategic direction and vision to grow the business through collaborative relationships with account teams, management, staff, and business partnerships; defining and refining service offerings based upon market drivers, conditions, and the regulatory landscape; and managing client relationships and business development for the practice.

Carisa is married with three children. She holds CISSP, CISA, and CCSFP certifications and a BA in History from the University of Minnesota – Twin Cities, and resides in Oconomowoc, WI.
