data management risk management
TRANSCRIPT
J. White 2017
RISK MANAGEMENT: DATA AS AN ASSET
JOSEPH WHITE
J. White 2017
WHAT IS DATA?
• TO UNDERSTAND THE RISKS OF SOMETHING, YOU MUST UNDERSTAND THE SUBJECT IN QUESTION, AND ITS PURPOSE
• DATA IS ANY FACT THAT IS USED TO INFORM, CALCULATE, REASON, OR PLAN. FACTS CAN BE GATHERED, STORED, OR EXPRESSED IN THE FORM OF LETTERS, NUMBERS, OR SYMBOLS
J. White 2017
THE PURPOSE OF DATA
• DATA IS USED TO DIAGNOSE THE HEALTH OF THE ORGANIZATION• DATA IS USED TO DESCRIBE THE ORGANIZATION• DATA IS USED TO DISCOVER TRENDS AND DIRECTION OF THE ORGANIZATION
J. White 2017
TYPES OF DATA
• STRUCTURED: PROPOSALS, STATEMENTS, AND SPREADSHEETS• UNSTRUCTURED: NOTEPADS, STICKY NOTES
• PHYSICAL DATA: BOOKS, PAPER, PICTURES• DIGITAL DATA: JPG, .DOC, .TXT, SQL
J. White 2017
DATA QUALITY AND TRANSPARENCY
• QUALITY: ACCURACY AND COMPLETENESS• TRANSPARENCY: EASILY UNDERSTOOD
J. White 2017
DATA SOURCING
• RISKS CAN BE LOWERED WHEN THE ORGANIZATION HAS LESS SOURCES OF DATA.
• LESS SOURCES, CREATE BETTER CONTROLS• CONTROLLING YOUR SOURCES, ALLOWS FOR THE RIGHT DATA TO BE
SHARED, WITH THE RIGHT AMOUNT, FOR THE RIGHT PURPOSE
J. White 2017
RISK STRATIFICATIONS FOR DATA
• STRATEGIC• CREDIT• MARKET• LIQUIDITY• OPERATIONAL• COMPLIANCE• REPUTATIONAL
J. White 2017
DATA SECURITY RISK LEVELS
• THERE ARE 3 SECURITY LEVELS OF DATA• CONFIDENTIAL• PROPRIETARY• PUBLIC
J. White 2017
CONFIDENTIAL DATA
• DATA THAT IS INTENDED FOR LIMITED DISCLOSURE ON A NEED TO KNOW BASIS AND WHEN UNAUTHORIZED DISCLOSURE, LOSS OR CORRUPTION OF THE DATA ELEMENTS WOULD CAUSE SERIOUS OR A HIGH DEGREE OF DAMAGE
• EXAMPLE: GOVERNMENT REGULATIONS, LEGAL AGREEMENTS, COMPLETIVE ADVANTAGE• HRCI-HUMAN RESOURCE INFO• NPCI-CORPORATE INFO• NPTI-TECHNICAL INFO• NPPI-PERSONAL INFO
J. White 2017
PROPRIETARY DATA
• DATA THAT IS SHARED ON A NEED TO KNOW BASIS. THIS DATA PRESENTS LIMITED RISK TO THE ORGANIZATION. DATA MAY BE SHARED OUTSIDE THE COMPANY, ONLY FOR A BUSINESS NEED
J. White 2017
PUBLIC DATA
• DATA THAT IS OPEN TO THE PUBLIC. THIS IS NON PRIVATE IN NATURE.
J. White 2017
DATA LIFE CYCLE MANAGEMENT
• HOW IS THE DATA CREATED?• WHY IS THE DATA CREATED?• WHAT IS THE DATA PURPOSE?• HOW IS THE DATA PROVISIONED?• WHAT IS THE DATA PROCESS PATH?• WHO TOUCHES THE DATA?• HOW IS THE DATA ALTERED?• WHAT MEASURES ARE USED TO CONTROL THE DATA
J. White 2017
DATA LIFECYCLE CONTINUED
• WHAT MEASURES ARE USED TO DESCRIBE THE DATA?• WHERE IS THE DATA STORED?• HOW LONG IS THE DATA ACTIVE?• WHEN DOES THE DATA TURN INACTIVE?• HOW IS THE DATA RECORDED?• WHAT IS THE LIFE EXPECTANCY OF THE DATA• HOW IS THE DATA PURGED?• HOW IS THIS PURGE VALIDATED?• HOW MUCH COST IS ASSOCIATED TO 1GB OF DATA?
J. White 2017
DATA VALUE TO ORGANIZATION
• HOW MUCH COST IS ASSOCIATED TO 1GB OF DATA?• HOW MUCH VALUE IS ATTRIBUTED TO 1GB OF DATA?• WHAT IS THE PAST 3 YEAR TREND OF THE COST/BENEFIT RATIO?• WHAT IS THE FUTURE 3 YEAR TREND OF THE COST/BENEFIT RATIO?• HOW DO THE DATA RISKS CORRELATE WITH THE DATA LIFE CYCLE?• WHAT OPPORTUNITIES HAVE NOT BE REALIZED FROM THE DATA?• WHAT ADDITIONAL OPTIONS DO YOU HAVE FOR STORAGE AND PURGING?