#Privacy: What do you get when you combine security, privacy and risk?
In the board room, hearing the words security, privacy and risk could send shivers down the spine of many C-level executives given the nature of the current cybersecurity landscape.
However, these decision makers have the responsibility of ensuring the enterprise is compliant with the numerous data protection regulations, most notably the European General Data Protection Regulation (GDPR).
The arrival of such data protection laws has led many organisations to second-guess their current risk-based approaches to security. With data at the heart of all organisations, being compliant is now a requirement. The drive to resolve security, privacy and risk management issues together now leads to data governance. But what exactly is data governance?
Defining data governance
Data governance is the capability within an organisation to ensure and protect the quality of data throughout its lifecycle. This includes data integrity, data security, availability, and consistency.
The process of data governance involves people and technology to ensure that data is appropriately handled during its lifecycle within the organisation. Key areas that form a data governance programme include:
- Delineating accountability for those responsible for data and data assets
- Assigning responsibility to appropriate levels in the organisation for managing and protecting the data
- Determining who can take what actions, with what data, under what circumstances, using what methods
- Identifying safeguards to protect data
- Providing integrity controls to ensure the quality and accuracy of data
Data governance and privacy management
It is imperative organisations understand what data is collected, where it is stored, how it is manipulated and who it’s shared with – these questions are all critical to meet GDPR compliance.
Having a lawful basis to use the data and allowing individuals the option to remove their data are also requirements. These set the foundations for appropriate privacy management and can be used to carry out data governance. This should be a crucial first step for organisations on their journey to compliance.
Data governance and cybersecurity
Cybersecurity has become essential, particularly as there is a serious demand to protect systems and information. Therefore, organisations need visibility into their systems to locate critical assets and decide where to dedicate defences. Information protection is at the core of security, but how can you protect data if you do not know what data you have, where it is, how it is used, who it is shared with (and how it is shared)?
Security has evolved and so too have the perimeter defences. With digital transformation dictating business decisions, the need for more technology and cloud adoption has meant security must expand to suppliers, cloud vendors, partners and more. So, managing data in a structured, responsible, and legally compliant way will make it more efficient for security professionals to protect it.
Data governance and managing information risk
It goes without saying: security resources must be allocated to protect the most valuable information within the organisation. The concept that there is no silver bullet for cybersecurity is well understood, and for organisations with limited resources – whether that be people, budget or technology – cybersecurity is often the first to be sacrificed. Therefore, to efficiently use what is at its disposal, a business must take a risk-based approach and focus on its most sensitive data assets.
As cyber threats mount, combined with the rapid adoption of digital transformation, the scope of risk is increasing daily. Moving into 2020 and beyond, regulatory bodies will likely focus more attention on data security and, therefore, compliance must be met. For the modern business, this means putting in place a dedicated data governance programme encompassing data security, privacy and risk that will help the enterprise achieve compliance and much more.
By Carisa Brockman, Director, Governance, Risk and Compliance, AT&T Cybersecurity Consulting
The post #Privacy: What do you get when you combine security, privacy and risk? appeared first on PrivSec Report.