data management?

Posted on 2011-11-01
Last Modified: 2012-05-12
What is the correct terminology for the overall management of sensitive data?

I am trying to research best practices in this area – but I am not exactly sure what the exact standard term will be so it’s hard to track down. Let me give you an example which may inspire you to the correct terminology.

We have, say, 5 highly sensitive MS-SQL databases; they have been secured in line with MS security best practice guidance, as has the host operating system (Windows 2003 Server).

But then you find admins have taken clones or extracts of the database and housed them on other servers. Or during backup testing they have saved a backup of all the data in the database on another, less secure server. These kinds of issues are commonplace.

There must be some sort of title on how to best govern and protect against this kind of activity?

Can you name the exact principle/standard for this?
Question by: pma111

    Accepted Solution

    Looks to me that you are talking about data governance.

    I think you will find this link useful:

    Author Comment

    Ah yes, I assume it fits under:

    Transfer: Data used to run reports, transferred to third parties for processing, or exported for long-term backup or retention, need the same privacy and integrity as the original dataset.


    Expert Comment

    That particular part, yes, but you have to look at the whole process from the beginning. So first you need to do data classification, define data sensitivity and define who should access what. Then apply the adequate mechanisms to secure them during the entire data lifespan, including when sitting on a backup tape.

    You might also want to take a look at the Data Governance Institute website:

    Expert Comment

    Hi, let me know if you have more questions. If not, please remember to close this question by accepting any of the comments as the answer. :)
