Many of my clients are getting nailed because of loose access controls over unstructured data that ends up having critical information in it like social security numbers, credit card data, health care or proprietary info.
Only information owners can really decide who should have access to unstructured data, but what if you don’t have data owners designated? Who should they be?
In this webinar I’ll take you through a 7-step process for implementing information owners over unstructured data. We will start with identifying stores of unstructured data and then analyzing that data to figure out who the owner should be. Owner analysis includes taking a look at:
- Who accesses this data regularly? What is their position in the organization?
- Who has permission to this data?
- What type of information?
- Is this data subject to any existing information security policies or classifications?
Once you’ve identified the likely owner you need to get their agreement and approvals from other management. The next step is to have the new owner review the current entitlements on this data and attest that they are correct and/or specify what needs to be remediated.
After that initial attestation is done it’s time to incorporate the owner into your ongoing entitlement process. We will look at how that work flow should ideally work, identify key events that need to be audited and discuss how to map this to controls.
We will finish up with outlining how periodic re-verification works and what the data owner’s involvement consists of there too. And we will discuss some processes that need to be in place to keep unstructured data security up-to-date in terms of dealing with new stores and types of unstructured data and catching human resources and organization events that require changes in data ownership assignments.
We are sponsoring this webinar and George Cerbone will briefly show you how their Identity Manager Data Governance Edition helps automate the complex processes required to govern and control unstructured data.