What is the difference between Data Management and Data Governance?
"Data Governance involves managing how data is accessed and handled within a larger data management strategy, down to access granted to specific users and compliance protocols. Data Management entails the implementation of tools, processes and architectures that are designed to achieve your company's objectives."
Who is responsible for Data Governance?
"Having established the fact that data is a strategic asset owned by the corporation, three roles (or their equivalent) are typically defined: Data Owners, Data Stewards and Data Custodians. These staff members play a critical role in governing data, in collaboration with other members within their organization. Jan 19, 2012"
"Data Owners are either individuals or teams who make decisions such as who has the right to access and edit data and how it's used."
"Data Stewards are responsible for utilizing an organization's data governance processes to ensure fitness of data elements - both the content and metadata. Data Stewards may share some responsibilities with Data Custodians."
"Data Custodians are assigned specific data management responsibilities by Data Stewards. Data Custodians typically will control access rights to data they manage. Data Custodians implement controls to ensure the integrity, security, and privacy of the data."
6 Steps to a Good Risk Assessment Process...
Identify Your Company's Risks. Consider what you define risk to be.
Create Your Company's Risk Library.
Identify Your Risk Owners.
Identify the Controls to Mitigate & Reduce Risks.
Assess Risk Potential and Impact.
Revisit Annually.
What is NIST compliance?
"Generally speaking, NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. In many cases, complying with NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, GDPR, or SOX. Oct 5, 2020"
What are the five functions described in the NIST Framework?
"The five Functions included in the Framework Core are: Identify, Protect, Detect, Respond, Recover." (Note: Veeam should be a component of this framework: VBR, Veeam One, VAO)
Is NIST compliance mandatory?
"Compliance with National Institute of Standards and Technology (NIST) standards is mandatory depending on the industry in which an organization conducts business. NIST is only mandatory for all United States federal agencies as of 2017. The private sector consumption and use of the NIST framework is voluntary. Nov 5, 2019"
What is NIST 800 series?
"The NIST 800 Series is a set of documents that describe United States federal government computer security policies, procedures and guidelines. The publications can be useful as guidelines for enforcement of security rules and as legal references in case of litigation involving security issues."
NIST 800-53 - "NIST SP 800-53 defines the standards and guidelines for federal agencies to architect and manage their information security systems. It was established to provide guidance for the protection of agency's and citizen's private data. Jun 17, 2020."
NIST 800-60 - "NIST SP 800-60 addresses the FISMA direction to develop guidelines recommending the types of information and information systems to be included in each category of potential security impact. ... National security systems store, process, or communicate national security information."
NIST 800-209 - "In order to address this gap, NIST is releasing Draft Special Publication (SP) 800-209, Security Guidelines for Storage Infrastructure, which includes comprehensive security recommendations for storage infrastructures. Jul 21, 2020"