
Data Security – Goals and Principles

The Goals of Data Security Activities include:

  • Enabling Compliance with Regulations and Policies for Privacy, Protection, and Confidentiality
  • Ensuring that Stakeholder Requirements for Privacy and Confidentiality are Met
  • Enabling Appropriate Access and Preventing Inappropriate Access to Enterprise Data Assets

Data Security in an Organization follows these Guiding Principles:

  • Collaboration: Data Security is a Collaborative Effort involving IT Security Administrators, Data Stewards, Data Governance, Internal and External Audit Teams, and the Legal Department.
  • Enterprise Approach: Data Security Standards and Policies must be applied consistently across the Entire Organization.
  • Proactive Management: Success in Data Security Management depends on being Proactive and Dynamic, Engaging all Stakeholders, Managing Change, and Overcoming Organizational or Cultural Bottlenecks such as Traditional Separation of Responsibilities between Information Security, Information Technology, Data Administration, and Business Stakeholders.
  • Clear Accountability: Roles and Responsibilities must be Clearly Defined, including the ‘Chain of Custody’ for Data Across Organizations and Roles.
  • Metadata-Driven: Security Classification for Data Elements is an Essential part of Data Definitions.
  • Reduce Risk by Reducing Exposure: Minimize Sensitive/Confidential Data Proliferation, Especially to Non-Production Environments.
