Data and information governance: Getting this right to support an information security programme Ruth Robertson, Cardiff University 1/11/2016
Jan 23, 2018
Ruth Robertson
Deputy Director, Governance Team
Data & Information Governance Programme Manager
Cardiff University
The journey
Information security framework
Data & information management framework
Information Security Framework Vision
The University will operate in a manner where security of information is balanced with appropriate accessibility of that information….
…providing the optimum level of risk management to support the University’s strategic goal of being a world leading institution.
Policies
Roles and ownership
Processes
Defined terms
Tools
Training & awareness
Procedures
Information Security Framework – protect information assets from threats to confidentiality, integrity and availability
Data management – control, protect, deliver and enhance the value of data and information assets
Governance
Data Management Model
Data Governance
Data Management
Data Architecture
Business Intelligence
Defined accountability framework, strategy, roles, responsibilities, policies and procedures
Consistent view of data landscape: definitions, standards, principles and models
Data Management
Principles
Information lifecycle management, Shared Data management, measuring and improving data quality, Data management problem resolution
Capability to use data to inform operations and strategy and to optimise performance
Data Management Principles
Data is a valuable shared resource
• Data is a University asset, shared across University functions and organisations for multiple purposes and managed appropriately throughout its lifetime
Rationale
• Data is a key strategic resource supporting all of the University functions and must be managed in a fashion that creates most value for the University as a whole
• Subject to legal and regulatory commitments, data is of most value when it is shared and reused. Protection of the University's data against loss, leakage and tampering is of critical importance.
Changes to roles and responsibilities
• Information assets > data domains (plus)
• Information asset owners > Data Leads (plus)
• Data stewards > System Owners (Business)
• Data custodians > System Owners (Technical)
Data & information governance goals
• To define, approve and communicate data management and information security strategies, policies, standards, architecture, procedures and metrics
• To manage information security risk and resolve data management issues
• To understand and promote the value of data and information assets
• To oversee conformance with the above and provide a mechanism to manage necessary exceptions
Governance bodies
Data & Information Management Oversight Group
Senior Information Risk Owner
Senior System Owners, University Data Steward & Data Leads
Head of IT Architecture
Data Architecture Group
IT Technical Design Authority
University Data Steward
Membership Categories & Entitlements Group
Senior Systems Owner (Technical)
Management of information assets
Data Domains
• Responsible owners: Data Leads
• Types of security controls applied: Classification; data use principles; permitted use policy, processes and procedures
Information systems
• Responsible owners: Senior System Owners (Technical & Business)
• Types of security controls applied: Technical design and configurations; access control policy, processes and procedures
End user devices
• Responsible owners: Colleges/Schools/Depts; Individual members of staff
• Types of security controls applied: Technical configurations; acceptable use policy, processes and procedures
People
• Responsible owners: Human Resources; Line managers
• Types of security controls applied: Vetting; training and awareness raising; behavioural policy, processes and procedures
Current state
• Data & Information Management Oversight – wide scope
• Getting to grips with roles and applying checks and balances – digital workplace system business owner
• Developing data model and classifying data as we go
Questions?