The connection between data governance and cybersecurity might not be immediately apparent. But if one considers the ‘5 knows of cyber’, it becomes obvious that cybersecurity is all about data, and data is all about information, and we want information to be secure.
I use the ‘5 knows’ as the foundation of our data governance framework, because it really helps people to understand why data governance is important and how it can help them. And if people can understand the why, then they can move towards controlling their data more effectively. And once we move towards managing our data, then we can start to manage information.
Cybersecurity is very much a team sport: it is a collaboration between teams – Data & Information Governance, Cybersecurity, Risk Management, IT Operations, and the business units. There is no way any single group can manage security, especially with the emerging threat landscape.
But the fundamentals of data governance are an essential starting point for the collaboration:
- policies, standards, procedures and guidelines for data governance
- governance groups to coordinate activities
- data classification
- data handling guidelines
- system classification
- an information security management system