IG- Final paper
TOPIC:
The application of data governance framework levels to boost data security
Final Research Paper: The course research paper is a formatted APA paper. It is 12 pages, double-spaced. Paper length requirement is 12 pages of content from Title Page through References.
The Final papers will contain a title page, abstract, introduction/topic paragraph, summary/conclusion, and reference page.
Assessment Rubric for the Research Project
Student:
Paper Title:
Mechanics:
• ______ Virtually free of grammatical and typographical errors
• ______ Neat and scholarly presentation
Content:
• ______ Identifies and provides appropriate details on all the components of the project
• _______ Met content requirement
• _______ Demonstrates scholarly research skills
• _______ Documents sources accurately and appropriately
• _______ Citation format IAW APA Manual 6th Edition
• _______ Writes in a sustained, logical, coherent, and scholarly manner
Legend: E = Outstanding
G = Good
S = Satisfactory
U = Unsatisfactory
Comments:
Rubric for |
Criteria (graded A, B, C, F; Points Earned)

Knowledge of Subject Matter (40 pts)
A: Student showed depth of knowledge of subject matter well beyond citing the textbook; writer cited more than the minimum number of references; all statements and opinions were supported by appropriate citations from the literature.
B: Student showed knowledge of subject matter beyond citing the textbook; writer cited the minimum number of references; most statements and opinions were supported by appropriate citations from the literature.
C: Student showed knowledge of subject matter primarily limited to the textbook; writer cited the minimum number of references; some statements and opinions were not supported by appropriate citations from the literature.
F: Student showed little knowledge of subject matter; writer may not have cited the minimum number of references; many statements and opinions were not supported by appropriate citations from the literature.
Points Earned: 32
Comments: Q2: missing citations from two references. The only references should be those that are cited in the response.

Quality of Research (30 pts)
A: Student did an exceptional job of integrating course readings with additional research. Sources listed were all scholarly or practitioner journals, newspapers, or academic books from the last ten years.
B: Student did a satisfactory job of integrating course readings with additional research. Sources listed were primarily scholarly or practitioner journals, newspapers, or academic books from the last ten years.
C: Student did a less than satisfactory job of integrating course readings with additional research. Some sources listed were not scholarly or practitioner journals, newspapers, or academic books from the last ten years.
F: Student did an inadequate job of integrating course readings with additional research. Many of the sources listed were not scholarly or practitioner journals, newspapers, or academic books from the last ten years.
Points Earned: 28
Comments:

Presentation of Ideas and Mechanics (20 pts)
A: Student presented ideas in a compelling manner with no distracting writing, grammar, or spelling problems; the page length requirement was met.
B: Student presented ideas in a clear, coherent manner with few distracting writing, grammar, or spelling problems; the page length requirement was met.
C: Student presented ideas in a coherent manner with several distracting writing, grammar, or spelling problems; the page length requirement may not have been met.
F: Student presented ideas in a poorly organized or incoherent manner with many distracting writing, grammar, or spelling problems; the page length requirement may not have been met.
Points Earned: 19
Comments:

APA formatting (10 pts)
A: All citations, quotations, and references were properly formatted or contained one or two minor errors.
B: Most citations, quotations, and references were properly formatted or contained several minor errors.
C: Some citations, quotations, and references were not properly formatted or contained major errors.
F: Most citations, quotations, and references were not properly formatted or contained many errors.
Points Earned: 9
Comments: The reference lists should be in alphabetical order.

Total Points Earned (100 points max): 88
Running head: The Application of Data Governance Framework levels to boost Data Security
The Application of Data Governance Framework levels to boost Data Security
Information Governance
Final Research Paper
By
Anil Kumar Bandi
Dr. Geanie Asante
Information Governance
University of Cumberlands
Abstract
Data is an important company asset that the company relies on to attain its mission, vision, and long- and short-term goals. Data insecurity threatens the future of the company. Data security is hence an important practice that every company should strive to attain and maintain. Data governance was established to make sure that a company's information system is accessed only by the right people and that the information in the system remains as initially stored, without unauthorized interference or alteration. Sadly, strategies to harm company data or use the data for illegal purposes have been on the rise, which calls for companies to up their game in protecting data.
Introduction
The advancement of information technology has increased the need for and importance of data. Unlike the early days, when data was stored manually and exposed to massive risks such as being misplaced, being burnt, or files going missing, advanced information technology brought about electronic data storage (Smallwood, 2012). It is a good thing that electronically stored data is easily accessed whenever needed and in the right state. However, in recent years there have been increasing threats to electronically stored data. Criminals use advanced technological means to access different companies' data and use the information for selfish gain or to negatively affect their target companies. Research and recent news have it that many companies have suffered severely after their information systems were hacked or dangerous malware was introduced into the system, corrupting or destroying all the data to a point where it can be of no use to the company (Smallwood, 2012). It is important to note that data is a company's valuable asset, as it is used in all operations and decision making. The quality of the data available determines the quality of the services and products that the business offers to the market.
Maintaining high-quality data is hence of great importance, and this is not possible unless companies make sure that the available data is promptly protected. The reason is that a company can work towards storing quality, accurate data only to have hackers compromise its accuracy and authenticity. Different strategies have been developed over the years for the purpose of promoting and maintaining high data security. Sadly, some strategies have not been entirely effective because, despite their presence, company data has been hacked and used for the wrong purposes by unauthorized individuals (Gregory, 2011). To make data security stronger and more reliable, the data governance concept was developed. It entails bringing people, processes, and technologies together to manage and protect company data, thereby making the data understandable at all times, correct, complete, secure, and trustworthy. To make data governance possible and realistic despite its complexity, a data governance framework was created and implemented by the Data Governance Institute (DGI).
The various companies that have embraced the framework and applied it in their information systems have proven to benefit. The framework entails a set of data rules, organizational role delegation, and processes aimed at bringing authorized personnel, the information system, and processes together with technologies on the same page. The framework helps create a situation in which it is hard for any unauthorized person to access the system or to edit or delete data. The framework is made up of ten different levels, and in every level there are specific roles that contribute to increased information system security. Many companies continue to suffer data insecurity challenges, and this essay shall focus on demonstrating how such companies can apply the data governance framework levels to boost data security.
Discussion
The data governance framework is a complex structure comprised of ten different levels that are interconnected. The complex structure helps in putting in place different measures and strategies that strengthen data security. According to Smallwood (2014), a data governance framework is a must-have structure because data is an important asset that helps businesses grow. The framework helps the business to have reliable data that can be used for decision making, and the quality data is also used in the various practices, leading to consistent improvement. Moreover, a lack of data security can easily lead to a data breach without the knowledge of the business, and this would affect the overall performance of the business (Gregory, 2011). The data governance framework has ten universal components, classified into rules and rules of engagement, people and organizational bodies, and processes. Under every division there are specific components, also known as levels, that determine who, how, what, why, or when, thereby ensuring that the information system is protected at all times.
Division 1: Rules and Rules of Engagement
According to Smallwood (2014), rules and rules of engagement set the grounds for a data governance framework and should be taken seriously. The rules help in setting the right environment, where ethics and professionalism can be applied by all equally. Rules come first in the data governance framework because they help determine the individuals and organizational bodies that should be included in the system as well as the right processes to embrace. Failure to have the right rules in place would attract the wrong people, vendors, and processes, which would put company data at even greater risk. The following is how the data governance framework levels under rules and rules of engagement should be applied to boost data security.
Level 1- Mission and Vision
This is the primary and most critical level in the application of the data governance framework. It is the level at which the business develops a mission and vision that will guide the framework throughout its application. According to Lomas (2010), any business or project without a mission and vision does not have a purpose. A mission and vision create a reason for existence, and the people involved are highly motivated by them. To set the right attitude and feeling about the framework, the company executive team should create a vision and mission that are connected with quality data security and with how to boost and maintain it at all times. The mission and vision should be communicated clearly and precisely to the company employees who will be involved in the data system. This makes it possible for all stakeholders to accept the framework and support it.
According to Nicho (2013), the company shareholders should also proactively create and define rules that would keep the framework in check and, secondly, provide boundaries that should not be crossed by anyone. Lastly, the stakeholders should take time to define the strategies that will be used to address cases of non-compliance with the rules. The reason is that if cases of non-compliance are reported from the early stages of applying the data governance framework, they are likely to compromise the success and effect of the other levels.
Level 2- Goals
Just as businesses need to set goals to achieve, along with a timeframe, a data governance framework also needs clear, precise, and realistic goals. The reason is that realistic goals are a major motivating factor for company employees, unlike goals that are unrealistic and hard to achieve. For instance, boosting data security should be one of the primary goals listed. Having goals is important because it gives the framework focus and creates the need for strategies that will lead to the achievement of the set goals (Smallwood, 2012).
According to Gregory (2011), the quality of the goals also determines the quality of the actions and strategies to be embraced. High-quality goals lead to the creation of high-quality strategies and to quality actions as well. This would be a major benefit to the business because, first, the set goals will be achieved and, secondly, data security would be boosted. The goals level is still part of the formation stage, laying the groundwork on which the framework will be established. It is recommended that the business shareholders and executive committee come together to create and communicate these goals, as this would also help in creating quality and realistic goals.
Level 3- Data Rules and Definitions
According to Nicho (2013), it is important for a data governance framework to have rules that govern the data and a clear elaboration of what these rules mean. For a business to approach this level professionally, it should first create the new rules that will be used in the framework. The new rules should ensure that no instance of data violation is left unattended. Secondly, the organization should review any previous data rules, in case other data protection strategies had been embraced but did not work as expected. Thirdly, using the previous rules, the newly created rules should be analyzed to determine whether or not they meet the standard of a quality data governance framework, and any weak areas identified should be addressed instantly. According to Smallwood (2012), data rules are important because they dictate how all individuals accessing the system should log in, use the data, and log off procedurally. Having data rules helps make sure that any data violation is reported to the relevant authorities instantly and that, using the rules set in level one, the best course of action is taken to address the issue.
Level 4- Decision Rights
For any data system to work effectively and for data to remain protected, the decision-making stakeholders and the process used are critical. The fourth level of the framework entails determining the individuals responsible for making decisions concerning the system (Gregory, 2011). It is evident that some decisions are purely in the hands of the company's shareholders, for instance whether or not state laws should be complied with. There are other vital decisions that require specifying the right person to be in charge of them (Smallwood, 2012).
This is critical in ensuring that data security is promoted because, when the individuals in charge of making decisions, and only they, are made aware of their duties, the system is organized and coordinated from a single source. For instance, there should be a specific person who makes decisions regarding the amount of information that should be stored, how data should be organized, and the individuals who may access the system as well as the procedure to use (Lomas, 2010). Such decision rights make it possible for all other system and data users to comply with the decisions made by the authorized person.
Level 5- Accountabilities
Level 5 connects levels three and four so that a data system is governed effectively, in a manner that promotes data security. In this level, all rules and their definitions provided in level three and the data-related decisions made by the authorized individuals are applied and followed to the letter. The level entails making sure that the rules and decisions made are complied with by all individuals and that any failure of accountability is addressed strictly. According to Lomas (2010), accountability in a data system should start internally and be extended to the external environment of the business. Failure to comply with the accountabilities level leaves loopholes through which employees working for the company can either violate the system or use people outside the business to do so on their behalf (Nicho, 2013). The level grants the business a chance to create a strict internal environment where every employee is held accountable for his/her actions in the information system. This is the only way discipline and ethics can be upheld among all employees while working for the company and even after leaving it.
Level 6 – Control Mechanism
It is believed that data is always at risk unless there are controls in place. Controls govern the actions of system users, processes, operating systems, and networks. Controls help set standards for how far a user can go and the point at which the system automatically restricts navigation or access to the network. Controls are in most cases installed in the system, and they bar any action that is not recommended and allow only recommended processes, actions, and tasks. This is an important level because it helps make level 5 effective and possible for all people who access the data system (Nicho, 2013). That is, control mechanisms are automatic, and they prevent unethical employees who do not want to comply with accountability demands from pushing through with their plans. It is also the control mechanisms that make it hard for hackers and system attackers to access the system. Seiner (2014) demands that control mechanisms be reliable and come from a licensed vendor.
Division 2- People and Organizational Bodies
According to Ladley (2012), the second division of the data governance framework addresses the people and bodies that should be included to boost data security. The reason is that, for data security to be realized, there must be specific individuals with a relationship to the business who can access the system. It is also the division that offers tips on the actions that should be taken to keep company data safe whenever a body or individual that was included in a data system exits the company. The following should be taken into consideration when applying the data governance framework under the people and organizational bodies unit:
Level 7- Data Stakeholders
Data stakeholders are the individuals in charge of creating data, those who use the data, and those who make data-related decisions. All data stakeholders are important, and they have specific roles to play. Under this level, it is important for the shareholders to come together, identify the company's data stakeholders, and determine their specific roles. This would help in making sure that order is maintained in data governance tasks and that all tasks that ensure data protection are maintained at all times. Moreover, it is a level that helps boost accountability, as every stakeholder has specific duties for which he/she should be responsible and accountable. Additionally, Smallwood (2014) recommends that only professionals should be on the data stakeholders team. Moreover, training and development are recommended to familiarize employees with the data safety measures and their respective roles.
According to Nicho (2013), individuals and bodies that have been working with a business, have information about the information system, and can use that information for the wrong purposes should be taken care of. First, it is recommended that the business close the accounts of all individuals and bodies as soon as they stop working for the company. With their identification details deleted, the system would no longer recognize them, which means that they can no longer access the system (Lomas, 2010). Leaving their accounts open for long after they terminate their working relationship with the company poses a major data security threat. Taking caution as fast as possible protects the company and ensures that only the right people have access to data.
Level 8- A Data Governance Office (DGO)
According to Gregory (2011), having a central point from which data-related information can emanate is one of the recommended practices that every business should have. A data governance office comes in handy in ensuring that all data-related duties are executed as they should be and that any irregularities are handled instantly. A data governance office is also important because any information about data should be reported to this office, and all the stakeholders would have a central point where they can meet and address data-related issues. According to Seiner (2014), a data governance office should be set up by the company shareholders, with professionals working in the office all the time. Such a setup would help make sure that there is someone keeping a close watch on the company data at all times and on the individuals logged into the system, with alerts about unauthorized attempts to log into the system sent to the DGO. The central point keeps the entire system coordinated and track kept consistently.
Level 9- Data Stewards
The data stakeholders' team is comprised of a huge number of people, especially if a business is of medium or large size. The reason is that data stakeholders can include all company employees, since they need to access company data to execute their various tasks. Data stewards are a special team of professionals that forms a data council. Data stewards are selected from the data stakeholders, and their main role is to help in data decision-making or to implement decisions from the higher levels of the data governance board. Nicho (2013) claims that data stewards should be vetted and a thorough personality background check conducted to make sure that company data security is their passion and interest. The reason is that data stewards get to know more about data security strategies than any other stakeholders. As a matter of fact, there are instances where they come up with data-related decisions and inform the company executive board for approval.
Data stewards are important and should be appointed, as they would work closely with the data governance office to make sure that no hack attempts are being carried out in any part of the world. Data stewards are also critical because they help make sure that the quality of the data in the information system meets the set threshold. This means that data stewards help boost not only data security but also the quality of the data being accessed by data stakeholders and the company executive team. Additionally, they are the team that conducts constant information security research for the purpose of remaining updated on the latest data security trends and determining which ones the company should embrace and which to ignore. According to Tupper (2011), given the knowledge that data stewards have, they should also have a say in the design of the information system in place, to make sure that the architectural design does not leave leeway that can be used to spread malware or even hack the system.
Division 3- Processes
In a data governance framework, the Data Governance Institute claims that processes are what make a framework complete. The reason is that the rules and rules of engagement, as well as the individuals and bodies, are expected to work in the processes; it is the individuals and organizational bodies that are supposed to apply the rules in the processes to make the framework work and achieve the desired mission, vision, and goals.
Level 10- Proactive, Reactive, and Ongoing Data Governance Processes
Putting the entire framework in place is a demanding task in terms of resources and energy. It is a process that is meant to make sure that data security is not only boosted but also maintained, considering the high data risks of an unprotected system. The last level in the framework falls under the processes category, and it entails having a continuous data governance process. According to Seiner (2014), many companies fail by embracing the framework and investing a lot of time and resources, only to fail to retain a proactive and ongoing process. Under this level it is recommended that all levels of the framework be consistently reviewed, especially by the data stewards, to make sure that there are no hitches and that any challenges are addressed immediately. It is also recommended that systems, processes, databases, and networks be consistently upgraded to meet current vendor security standards (Tupper, 2011). This means that no data stakeholder should relent when it comes to data security. Any negligence paves the way for hackers to attack with ease, without the stakeholders noticing changes or compromised data quality.
Conclusion
Data security is a collective duty that calls for all data stakeholders to play their roles. However, stakeholders might not understand all the roles that they need to play unless there is a clear guideline in place. The data governance framework was created by the Data Governance Institute to give companies a platform for achieving the strongest data security possible. The framework has a series of ten levels that the company should approach systematically to ensure that it seals off the loopholes that allow data threats to exist. As the company goes through the levels, it ends up with the data vision, mission, goals, people, and processes. This is all that is needed to boost data security in any organization. The reason is that companies that have experienced cases of data insecurity have, in one way or another, either failed to put in place one or several levels of the framework or handled the levels only partially. Hence, for a company to enjoy full and reliable data security, all levels of the data governance framework must be addressed extensively.
References
Gregory, A. (2011). Data governance—Protecting and unleashing the value of your customer data assets. Journal of Direct, Data and Digital Marketing Practice, 12(3), 230-248.
Ladley, J. (2012). Data governance: How to design, deploy, and sustain an effective data governance program. Waltham, MA: Morgan Kaufmann.
Lomas, E. (2010). Information governance: information security and access within a UK context. Records Management Journal.
Nicho, M. (2013). An information governance model for information security management. In IT Security Governance Innovations: Theory and Research (pp. 155-189). IGI Global.
Seiner, R. S. (2014). Non-invasive data governance: The path of least resistance and greatest success. Basking Ridge, N.J: Technics Pub.
Smallwood, R. F. (2014). Information governance: Concepts, strategies, and best practices. New York: Wiley.
Smallwood, R. F. (2012). Safeguarding critical e-documents: Implementing a program for securing confidential information assets. Hoboken, New Jersey: Wiley.
Tupper, C. D. (2011). Data architecture: From zen to reality. Amsterdam: Morgan Kaufmann.