Sep 06 2024

9 data governance strategies that will unlock the potential of your business data

Category: data security,IT Governance,Metadatadisc7 @ 7:46 am

The article from IBM emphasizes the critical role of data governance in ensuring high-quality, secure, and accessible data, which is vital for organizations aiming to leverage emerging technologies like AI, ML, and automation.

Effective data governance acts like air traffic control, managing the flow of data to ensure integrity and prevent misuse. Without proper governance, organizations risk basing decisions on inaccurate data or suffering breaches that can lead to financial losses and erode trust. Data governance also ensures organizations have access to real-time, high-quality data, enabling them to make better business decisions, optimize operations, and maintain compliance with regulations.

Establishing an effective data governance framework requires a long-term commitment, collaboration across departments, and thoughtful implementation. Organizations should start small, define roles and responsibilities, secure stakeholder buy-in, and select the right tools to manage data. Continuous monitoring, improvement, and alignment with broader business strategies are essential for sustained success. Strong data security practices, adherence to privacy regulations, and the use of maturity models help organizations build a dynamic governance ecosystem that evolves alongside the business, fostering a culture that views data as a strategic asset.

Details of 9 data governance strategies

The Data Governance Imperative

Data Governance: How to Design, Deploy, and Sustain an Effective Data Governance Program

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: Data Governance

Apr 23 2021

TikTok sued over its use of children’s personal data

Category: data security,MetadataDISC @ 10:31 am
TikTok sued over its use of children’s personal data

TikTok is again being accused of illegally processing children’s personal data.

The latest claim has been brought by Anne Longfield, the former children’s commissioner for England, who is suing the video-sharing app on behalf of 3.5 million children in the UK.

She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for.

Children’s data is subject to special protections under the GDPR, including the requirement that privacy policies must be written in a way that’s understandable to the service’s target audience.

Tags: children’s personal data

Mar 23 2021

Best Practices for Data Hygiene

Category: data security,Information Security,MetadataDISC @ 2:28 pm
5 Data Hygiene Best Practices To Keep Your Data Reliable - Winpure

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only a very wide range and number of data protection compliance requirements, but performing data hygiene activities also demonstrably improves an organization’s data security effectiveness without significantly increasing IT or information security costs. Most of these actions involve people performing activities that all personnel within an enterprise can take. No specialized tools are typically needed—just some training and ongoing awareness reminders, or periodic use of data management tools.

These actions serve to:

  • limit the amount of data collected to only that which is necessary to support the purposes of the data collection
  • keep data from being modified in unauthorized ways, or accidentally
  • destroy/delete data when it is no longer needed to support the purpose(s) for which it was collected and to meet legal retention requirements
  • prevent access to data to only those entities (devices, individuals, accounts, etc.) that have a business/validated need to access the data
  • not share data with others unless necessary and with the consent of those about whom the data applies, as applicable
  • keep your own personal and business data from being used and posted in ways for which you did not consent or is not necessary to support the purposes for which you originally allowed the data to be collected or derived
  • keep unauthorized entities from accessing data

Source: Best Practices for Data Hygiene

Tags: Data Hygiene

Mar 15 2021

Metadata Left in Security Agency PDFs

Category: MetadataDISC @ 10:33 am
Metadata Left in Security Agency PDFs

Really interesting research:

“Exploitation and Sanitization of Hidden Data in PDF Files”

Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture. All these information can be exploited easily by attackers to footprint and later attack an organization. In this paper, we analyze hidden data found in the PDF files published by an organization. We gathered a corpus of 39664 PDF files published by 75 security agencies from 47 countries. We have been able to measure the quality and quantity of information exposed in these PDF files. It can be effectively used to find weak links in an organization: employees who are running outdated software. We have also measured the adoption of PDF files sanitization by security agencies. We identified only 7 security agencies which sanitize few of their PDF files before publishing. Unfortunately, we were still able to find sensitive information within 65% of these sanitized PDF files. Some agencies are using weak sanitization techniques: it requires to remove all the hidden sensitive information from the file and not just to remove the data at the surface. Security agencies need to change their sanitization methods.

Metadata (The MIT Press Essential Knowledge series)

Tags: Metadata Left in Security