Data Security Management
Data security management is defined as the planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access, and auditing of data and information assets as per an organization’s risk strategy.
IT security management is a wide area, and data security is a subset of it.
The following are the purposes of data security management:
• Prevent unauthorized or inappropriate access to data assets.
• Ensure that the privacy and confidentiality needs of all stakeholders, including government regulations, are met.
• Ensure confidence in the capability of the organization, including users, by creating systems, processes, policies, and procedures to provide the required and expected level of protection against data breaches or loss of data resulting from any reason at any point in time.
This is achieved by focusing on the CIA (confidentiality, integrity, and availability) rule. Confidentiality means protecting against unauthorized or inappropriate access to data. Integrity means ensuring the right data is available at the right time to the right person. Privacy means personal information is used only for the specific purpose for which it was collected. Some of the techniques used to achieve the security principles are database audit and protection (DAP) techniques, data loss prevention (DLP) services, privacy-enforced techniques, and data life cycle management techniques.
Some deliverables for managing data security are policies, procedures, privacy and confidentiality standards, user profile management, passwords and memberships management, data security permissions, data security controls, data access view permissions, document classifications, authentication, access history, and data security audits.
Key considerations and potential business risks of not being conservative in data security are as follows:
• Data breaches and ransomware
• Project disruption
• Loss of customer retention
• Loss of reputation
• Financial penalties or fines
• Data manipulation and data loss
• Insider threats
• Industry, economic, or environmental events
Figure 6-7 demonstrates the major data security implications and respective impact on business outcomes.
Figure 6-7. Direct Business Impacts