Pau Lo
asked on
data management?
What is the correct terminology for the overall management of sensitive data?
I am trying to research best practices in this area – but I am not exactly sure what the exact standard term will be so it’s hard to track down. Let me give you an example which may inspire you to the correct terminology.
We have say 5 highly sensitive databases MS-SQL, they have been secured in line with MS security best practice guidance. As has the host operating system (windows 2003 server).
But, then you find admin’s have taken clones or extracts of the database and housed them on other servers. Or during backup testing they have saved a backup of all the data in the database on another less secure server. These kind of issues are common place.
There must be some sort of title on how to best govern and protect against this kind of activity?
Can you name the exact principle/standard for this?
I am trying to research best practices in this area – but I am not exactly sure what the exact standard term will be so it’s hard to track down. Let me give you an example which may inspire you to the correct terminology.
We have say 5 highly sensitive databases MS-SQL, they have been secured in line with MS security best practice guidance. As has the host operating system (windows 2003 server).
But, then you find admin’s have taken clones or extracts of the database and housed them on other servers. Or during backup testing they have saved a backup of all the data in the database on another less secure server. These kind of issues are common place.
There must be some sort of title on how to best govern and protect against this kind of activity?
Can you name the exact principle/standard for this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
that particular part yest, but you have to look at the whole process from the begining. So first you need to do data classification, defines data sensitivity and defines who should access what. Then apply the adequate mechanisms to secure then during entire data lifespan, including when sitting in a backup tape.
you might also want to take a look at the Data Governance Institute website:
http://www.datagovernance.com/adg_data_governance_basics.html
you might also want to take a look at the Data Governance Institute website:
http://www.datagovernance.com/adg_data_governance_basics.html
Hi, let me know if you have more questions. If not, please remember to close this question by accepting any of the comments as the answer. :)
ASKER
Transfer: Data used to run reports, transferred to third parties for processing, or exported for long-term backup or retention, need the same privacy and integrity as the original dataset.
?