Data governance and cybersecurity

The connection between data governance and cybersecurity might not be immediately apparent. But if one considers the ‘5 knows of cyber’, it becomes obvious that cybersecurity is all about data, and data is all about information, and we want information to be secure.

I use the ‘5 knows’ as the foundation of our data governance framework, because it really helps people to understand why data governance is important and how it can help them. And if people can understand the why then they can move towards controlling their data more effectively. And once we move towards managing our data then we can start to manage information.

Cybersecurity is very much a team sport, it is a collaboration between teams – Data & Information Governance, Cybersecurity, Risk Management, IT Operations, and the business units. There is no way any single group can manage security, especially with the emerging threat landscape.

But the fundamentals of data governance are an essential starting point for the collaboration:

  • policies, standards, procedures and guidelines for data governance
  • governance groups to coordinate activities
  • data classification
  • data handling guidelines
  • system classification
  • an information security management system

Author: Kate Carruthers

Kate Carruthers is Chief Data & Insights Officer for UNSW Sydney, and is also an Adjunct Senior Lecturer in the School of Computer Science & Engineering. She is certified in information security and is currently undertaking postgraduate studies terrorism and security. Kate has extensive experience in senior roles in ICT, marketing, data and digital; and is a member of the NSW Government’s Data Analytics Centre Advisory Board. Kate is currently working at the intersection of data analytics, AI, ML, privacy, cyber security, and data protection.