
Information Management Security

Need to establish information management security and want practical standards and best practices?

What is data management?

Data management is a sub-set of information management that governs organization and control of the structure and design, storage, movement, security and quality of information.

What is data security?

Security is designed to mitigate:
  • Strategic risk, the potential adverse business impact to the organization, both internally and externally, that may occur;
  • Operational risk, the risk of direct or indirect loss from failed or inadequate processes, people or systems, or exposure to external events;
  • Compliance risk, the risk of non-conformance to laws, rules and regulations;
  • Reputation risk, the risk to earnings or capital arising from negative public or employee opinion.
Information management security should address the following control objectives:
  • Safeguarding of assets – Defining requirements for protecting important resources, including customer non-public personal information and corporate assets. For example, key corporate metrics used to manage performance of the organization are considered critical corporate assets that require protection;
  • Economy/effectiveness of process – Ensuring effectiveness and efficiency in the organization’s use of its assets and other resources through the reduction of duplicate or unnecessary data and information maintained within the organization;
  • Compliance with laws and regulations – Helping to ensure that the organization complies with applicable laws and regulations, specifically guidance provided by regulatory agencies for adequate control over the information management environment; and
  • Integrity and reliability of data – Helping to ensure that the integrity and reliability of the data and information is managed across the information management environment to enable management of performance, monitoring of risk, and management decisions.
Why is it important?

Information management security is required to ensure that personal data is not shared and is only available to people who have a right to access the information.

Organizations may need to comply with international legislation such as the UK Data Protection Act or security standards such as the International Organization for Standardization (ISO) security standard.

In addition, some organizations may need to comply with Payment Card Industry (PCI) security standards.


Information management security checklist

The following should be included in information management policies, standards and procedures:

  • Data security and data security policy
  • Data security standard procedures
  • Data warehouse backup
  • Data backup solution
  • Standards for data backup services
  • Data retrieval
  • Offsite data storage
  • Data backup
  • Data backup software
  • Data backup and recovery
  • Data retention and data archive requirements should be established in the requirements analysis phase.
  • Data backups
  • Policy and standards for sensitive data
  • Data protection software
  • Data security software
  • Information management security
  • Data warehouse security
  • Data file management
  • Data security compliance with security standards such as Payment Card Industry (PCI)
  • Offsite data backup
  • Data backup online
  • Data storage backup
  • Disaster planning and disaster plan
  • Disaster management information disaster protection
  • Disaster recovery should be consistent with organization risk management policy.
  • Information security
  • Data backup service
  • Information management compliance
  • Data privacy
The following security requirements should be reviewed and specified in corporate policy.


Summary


Data management is a sub-set of information management that governs organization and control of the structure and design, storage, movement, security and quality of information.

Data security is designed to mitigate risk, ensure compliance with regulatory agencies and provide information continuity in the event of operational failure or catastrophic disaster.

