Controls
Data is constantly at risk.(See our Security Breaches section for the latest news of companies who have had sensitive data stolen, misplaced, given away, misused by insiders, taken by outsiders, inadvertently displayed to the public, or otherwise inappropriately disclosed.)
With the proliferation of sensitive data breaches - and the consequences for those who were entrusted with the data - it is becoming clear that data can also represent risk.
How do we deal with risk? We manage it, preferably by preventing the events that we don't want to occur. Those we can't be sure of preventing, we at least detect, so we can then correct the problem.
How are risk management strategies made operational? Through controls.
Controls can be preventative or detective/corrective. They can be automated, manual, or technology-enabled manual processes.
Often the Data Governance program is asked to recommend data-related controls that could be applied at multiple levels of the controls stack (network / operating system; database; application; user processes) to support governance goals.
Data Governance may also be asked to recommend ways that existing general controls (Change Management, policies, training, SDLCs and Project Management, etc.) could be modified to support governance goals or enterprise goals.
Sometimes Data Governance is asked to assist with internal or external audits by explaining how different data-related controls build upon each other.
Next: Data Stakeholders
Copyright 2004-2008 The Data Governance Institute, LLC. All Rights Reserved
The site is brought to you in partnership with the Business Intelligence Network
