Data Security

Objectives:

Data Security encompasses the planning, development and implementation of data security policies and procedures. The specific requirements differ by industry and country, but the aim of data security practice is always the same: protecting data assets and information in compliance with privacy and confidentiality laws, contractual clauses and business needs.

These needs can arise from:

  • Stakeholders
  • Regulations
  • Business data aspects
  • Legitimate need for access to data
  • Contractual obligations

Effective data security policies and procedures ensure that the right people can use and update data in the intended way, and that all unauthorised access is prevented.

There is no single way to implement Data Security that meets every privacy and confidentiality requirement: regulations specify the ends of security, not the means of achieving it. Each organisation must therefore design its own controls, demonstrate that they meet or exceed what the regulations require, document how those controls are implemented, and then monitor and measure their effectiveness over time. As in other Knowledge Areas, the activities include identifying requirements, assessing the current state to identify gaps and risks, implementing and enforcing tools and processes, and verifying that the security measures taken are actually effective.


Activities carried out by our Team:

Identifying Data Security requirements

First of all, it is important to distinguish between business requirements, regulations imposed by external legislators, and the rules imposed by a specific software application. Application systems serve as a means of enforcing business rules and procedures, but it is common for these systems to bring their own security requirements in addition to those needed for the business processes, and this is increasingly the case with ready-to-use (off-the-shelf) systems. Such application-specific requirements should be assessed for how they support the organisation's own data security standards, rather than being adopted as a substitute for them.

Defining Data Security Policies

Organisations must create Data Security policies according to both business and regulatory requirements. A policy is a statement of intent and a high-level description of the behaviours deemed appropriate to achieve certain objectives. Data Security policies describe the behaviours an organisation wishing to protect its data considers acceptable. Policies must have a measurable effect, so they have to be verifiable and actually verified.

Company policies often have legal implications. A judge may consider a policy put in place to meet a legal requirement as evidence of the organisation's effort to comply with that standard; therefore, non-compliance with a company policy, discovered in the wake of a data breach, may itself have legal consequences.

Defining security policies requires collaboration among IT security administrators, the people in charge of systems architecture, Data Governance committees, Data Stewards, internal and external audit groups and the legal department. Data Stewards must also collaborate with Privacy Officers (roles defined by some laws, especially American ones, such as Sarbanes-Oxley supervisors and HIPAA Officers) and with business managers to develop categories of Metadata for regulatory purposes and to apply these security classifications consistently with the given definitions. All actions to ensure regulatory compliance must be co-ordinated in order to reduce costs and to avoid confusing or contradictory instructions and procedures.

Defining Data Security Standards

Policies give guidelines for behaviour, but they cannot anticipate every situation. Standards complement policies and provide further detail on how to fulfil the intentions defined in them. For example, the policy may state that passwords must follow the guidelines for strong passwords; the standard that defines what counts as a strong password is specified separately. Finally, technology enforces the policy by preventing users from creating passwords that do not meet the password standard.
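The three layers in the password example (policy as intent, standard as concrete rules, technology as enforcement) can be made visible in code. The following is an added illustration written for this page, not code from the original article or from any product it mentions: the `PasswordStandard` class, the `check_password` function, the thresholds (12 to 128 characters, at most 4 identical characters in a row) and the tiny denylist are all hypothetical choices standing in for a real organisation's standard and a real breached-password list.

```python
"""Enforcing a password standard in software (constructed example).

Policy:   "passwords must be strong"            -> intent, lives in a document
Standard: PasswordStandard below                -> concrete, measurable rules
Enforce:  check_password()                      -> technology that applies them

All thresholds and the denylist are illustrative assumptions, not values
taken from any real standard.
"""
from dataclasses import dataclass
import re
import unicodedata


@dataclass(frozen=True)
class PasswordStandard:
    """The written standard, expressed as data so it can be reviewed and
    changed without touching the enforcement logic."""
    min_length: int = 12
    max_length: int = 128          # upper bound keeps the hashing step bounded
    forbid_username: bool = True   # password must not contain the account name
    max_repeat_run: int = 4        # "aaaa" is tolerated, "aaaaa" is not
    # Stand-in for a list of common or previously breached passwords.
    denylist: frozenset = frozenset({"password", "123456", "qwerty", "letmein"})


DEFAULT_STANDARD = PasswordStandard()


def _denylist_base(pw: str) -> str:
    """Heuristic: compare the password with the denylist after casefolding
    and stripping digits and punctuation, so 'Password123!' is still
    recognised as 'password'."""
    return re.sub(r"[^a-z]", "", pw.casefold())


def check_password(candidate: str, username: str = "",
                   standard: PasswordStandard = DEFAULT_STANDARD) -> list[str]:
    """Return every violation of the standard; an empty list means compliant.

    Length is measured after Unicode NFKC normalisation so that inputs
    which render identically are judged the same way.
    """
    pw = unicodedata.normalize("NFKC", candidate)
    violations: list[str] = []

    if len(pw) < standard.min_length:
        violations.append(f"shorter than {standard.min_length} characters")
    if len(pw) > standard.max_length:
        violations.append(f"longer than {standard.max_length} characters")

    if pw.casefold() in standard.denylist or _denylist_base(pw) in standard.denylist:
        violations.append("appears on the common/compromised password list")

    if standard.forbid_username and username and username.casefold() in pw.casefold():
        violations.append("contains the username")

    # One character repeated more than max_repeat_run times in a row.
    if re.search(r"(.)\1{%d,}" % standard.max_repeat_run, pw):
        violations.append(f"more than {standard.max_repeat_run} identical characters in a row")

    return violations


def is_compliant(candidate: str, username: str = "",
                 standard: PasswordStandard = DEFAULT_STANDARD) -> bool:
    """The yes/no answer an account-creation form would act on."""
    return not check_password(candidate, username, standard)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for user, pw in [("alice", "correct horse battery staple"),
                     ("bob", "Password123!"),
                     ("bob", "bob-likes-aaaaa-pizza")]:
        result = check_password(pw, user) or ["compliant"]
        print(f"{user!r:8} {pw!r:32} -> {'; '.join(result)}")
```

Keeping the standard as data and the enforcement as a separate function mirrors the governance structure described above: auditors can verify the `PasswordStandard` values against the written standard, and the same check can be reused wherever passwords are set, so the policy is enforced consistently rather than re-interpreted by each application.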
