Alan Duncan, Director of Data Governance, UNSW E: LinkedIn:

Presentation transcript:

Ensuring Data Governance for effective data privacy and security
Alan D. Duncan, September 2013
Uncontrolled when printed

A bit about me...
Alan Duncan, Director of Data Governance, UNSW
21 years Information Management & Business Consulting
– EDS, KPMG, CPW, Acuma, Pelion, SMS
– Scottish Power, United Distillers, O2, Astra Zeneca, Carphone Warehouse, Vodafone, Riyad Bank
– Commonwealth Bank, NSW Roads & Maritime Services, Centrelink, OATSIH, NSW Family & Community Services, CASA, AMSA, FaHCSIA, DAFF, Navy…
Information-Management.com “Top 12 on Twitter”
Best supporting Actor, 2005 Barnet Drama Festival

…and a bit about UNSW.

Agenda
1. The capabilities required for an Enterprise approach to Data Governance
2. Regulatory requirements and compliance: privacy, security and openness
3. The relationship between Data Governance and Information Security
4. Achieving compliance in a cost effective manner

“The beginning of wisdom is the definition of terms”
PART 1: Capabilities for Enterprise Data Governance, sponsored by Socrates

Data Governance Principles
– We value – data and information as an asset and a strategic resource. Any information holdings will be appropriately protected.
– We trust – in our information and each other. Access to and use of data should promote trust and confidence.
– We share – information. Information is accessible, discoverable and transparent.
– We re-use – information from specified authoritative sources (“single source of truth”), collected in a consistent manner.
– We manage – information actively. Information is managed throughout its lifecycle and practices are standardised across the business.
– We govern – information. We have formally assigned information owners and stewards with clear accountability.
Data Governance Principles: Value, Trust, Sharing, Re-use, Manage, Govern
Information is treated as an organisational asset and is readily available to support evidence-based decision-making and informed action.

Drivers for improved IM & DG…
– New information-processing technologies
– Capabilities to meet unmet business needs
– Market competition
– Agility to meet changing business demands?

…plus second-guessing future needs.

Target state for Data Governance
Current state | Required state
Task/activity/function focussed | Outcome oriented
Hierarchical approach | Openness and collaboration
Hoarding of information | Sharing of information
Silo mentality | Conscious connectedness and collective benefit
Assumptions, approximations and caveats | Explicit, contextualised evidence
Gatekeeping | Service, communication & responsiveness
Inertia & delay | Urgency, agility & time to value
De facto processes and no agreed rules of engagement | Empowerment (permission to act), supported by flexible, adaptable enabling processes
Sense of frustration | Responsiveness and ability to act
Evangelism, methods, joined up collection strategies & change management

Information Management Operating Model
– Enterprise Data Governance & Information Management
– Information Asset Management (Process)
– Metadata Management (Process)
– Data Quality Management (Process)
– Information Management Competency Centre (Resources)
– Information Ownership & Stewardship (Resources)
– Information Management Policies Framework (Controls)
– Information Management Steering Committee
– Master Data Management (Process)
– IM Solutions Implementation (Process)
– Records Management (Process)

Data Governance capabilities
– Common Principles, Methods & Standards
– Shared Data Definitions
– Visible data integrity (traceability & lineage)
– Accuracy and completeness of data (in context)
– Formal accountability & decision-making
– Facilitate, communicate, support, broker, arbitrate
– Information Services & Delivery Teams (e.g. IARO, FPM, Records, EDW)
– Data Governance Unit
– Incorrect Values
– Incomplete information
– Inconsistent results
– Missing context
– Repurposing unsuitable data
– Complex calculations
– Conflicting expectations
– Trusted data
– Proactive sharing
– Insight & interpretation
– Enter once, use many
– Feedback loop
– Inputs linked to outcomes
– Service & engagement

Data Quality Management
“Get your facts first, then you can distort them as you please.”
Data Quality Management, sponsored by Mark Twain

Information Model: Level 0 Domains
“When I use a word,” Humpty Dumpty said in rather a scornful tone. “It means just what I choose it to mean - neither more or less.”
Information Models & Business Glossary, sponsored by Lewis Carroll

Information Asset Management
– Information Asset Register (inventory)
– System Interfaces map
“Science is organized knowledge. Wisdom is organized life.”
Information Asset Management, sponsored by Immanuel Kant

Common principles, methods & standards
“Whosoever desires constant success must change his conduct with the times.”
Continuous improvement, sponsored by Niccolo Machiavelli

Data Governance structures
“It is not only what we do, but also what we do not do, for which we are accountable.”
Formal accountability and decision-making, sponsored by Moliere

A word on Information Delivery Services…
– Data Governance / Information Management Sponsoring Group
– Data Governance Strategy & Roadmap

TALKING POINT
Evidence-based decision-making, sponsored by Carl Sagan
“I try not to think with my gut. If I’m serious about understanding the world, thinking with anything besides my brain, as tempting as that might be, is likely to get me into trouble.”

“All I want is compliance with my wishes, after reasonable discussion.”
PART 2: Impact of regulatory requirements, sponsored by Winston Churchill

2. Implications of regulatory requirements
The legislative agenda
Implications
– Privacy
– Sensitivity
– Openness
– The Cloud?
Bottom line

There’s a lot of legislation!
– Freedom of Information Act 1982 (Cth)
– Freedom of Information Amendment (Reform) Act 2010 (Cth)
– Privacy Act 1988 (Cth)
– Privacy Amendment (Private Sector) Act 2000
– Privacy Amendment Act 2012 (Cth)
– Privacy Amendments (Privacy Alerts) Bill 2013 (Cth)
– State Records Act 1998 (NSW)
– Government Information (Public Access) Act 2009 (NSW)
– Privacy & Personal Information Protection Act 1998 (NSW)
– Health Records & Information Privacy Act 2002 (NSW)
– NSW Government Guide To Labelling Sensitive Information 2011 (NSW Financial & Services)
– Australian Government Cloud Computing Strategic Direction 2011 (AGIMO)
– Australian Government Cloud Computing Policy 2013 (AGIMO)

Implications - Privacy
Based on NSW State Privacy Principles (per PPIP Act 1998):
Privacy Classification | Copying & storage implications | Electronic transmission implications
PERSONAL – HIGHLY SENSITIVE | Treat as PROTECTED (minimum standard)
PERSONAL | Treat as X-IN-CONFIDENCE (min standard)
PERSONAL – DIRECTION TO WAIVE | Treat as X-IN-CONFIDENCE (min standard)
OTHER NON-PERSONAL | Treat as UNRESTRICTED (minimum standard)

Implications – Sensitivity/Security
Based on NSW State information labeling standards:
Privacy Classification | Copying & storage implications | Electronic transmission implications
HIGHLY PROTECTED | Encrypted & physically secure; Controlled copy only | Encrypted
PROTECTED | Encrypted & physically secure | Encrypted
X-IN-CONFIDENCE | Unencrypted, physically secure | Encrypted if regular or frequent
UNRESTRICTED | No specific considerations

Is “Open Data” a good thing?
tim_berners_lee_the_year_open_data_went_worldwide.html

What about “The Cloud”?
In principle, it’s just another place to store data, so the security principles apply….

But Uncle Sam has other ideas…
– US Patriot Act 2011
– US Foreign Intelligence Surveillance Act (FISA) 1978
– FISA Amendment Act of 2008
– Protect America Act of 2007
It is suggested that data of sensitivity classifications X-IN-CONFIDENCE, PROTECTED and HIGHLY PROTECTED are not stored in public cloud-based solutions (Google, Dropbox, iCloud etc.)

TALKING POINT
“Need to know” principle, sponsored by Benjamin Franklin
“Three can keep a secret, if two of them are dead.”

PART 3: The relationship between Data Governance and Information Security, sponsored by Niccolo Machiavelli
“I’m not interested in preserving the status quo; I want to overthrow it.”

3. Relationship between Data Governance & Information Security
Information Asset Management
– Know what you’ve got!
– Know who’s responsible for it.
Data Classification
– Know the implications
Security delivery
– Implementation of security controls
– Partnerships & accountability

Aligning info assets with business outcomes
– The “Information Asset Community”
– Information Asset Register (inventory)
– System Interfaces map

Data Ownership & Stewardship
– Chief Steward & IMCC (cross-functional, cross domain)
– Business Process (×5)
– Information Stewards
NB Risk Point: Owner of data acquisition process may not be the most appropriate owner for the information asset!

TALKING POINT
Evidence-based decision-making, sponsored by Aldous Huxley
“The deepest sin against the human mind is to believe things without evidence.”

PART 4: Compliance in a cost-effective manner, sponsored by Voltaire
“The art of government is to make two-thirds of a nation pay all it possibly can for the benefit of the other third.”

4. Achieving compliance in a cost-effective manner
– Delivering information value
– Shared planning
– Data lifecycle and SDLC

“True Facts”: Data Governance and Information as a Service
– Identify measurable and targeted Business Outcomes: Why do we need information? For whom? What will we do differently?
– Establish DG Operating Model: Who is accountable? By what processes?
– Execute Activities & Tasks: How do we deliver? Who does the work?
– Confirm the Information Holdings & Gaps: What do we need to provide? (Content + Context)
– Implement DG/IMCC Services Catalogue: What core capabilities do we need?

Tracking the value: Information Benefits Register
– Information value to IT is typically characterised by improvements in efficiency
– Information Benefits Case monetises the expected value to derive from standing up the IMCC/DG capability
– Information value to Business is characterised by improvements in effectiveness
– Institutional reputation and compliance issues are benefitted through avoiding or mitigating risk

Linking of Data Governance Lifecycle & SDLC
DP Ref | DG Decision Point Name
DG-DP01 | New Data In a Source System
DG-DP02 | Customer Origination and Maintenance
DG-DP03 | Data Movement / Migration
DG-DP04 | Group Data Warehouse Integration
DG-DP05 | Creation of Reporting & Analytics
DG-DP06 | Feeding output data from Information Stores back into Operational Systems
DG-DP07 | Create a New Data Store
DG-DP08 | Add new or make changes to an existing Classification Scheme (hierarchical or descriptive elements in Dimensional data)
SDLC phases: Requirements, Design, Build, Test, Deploy, BAU
Specific and explicit milestones mapped into the Business Operating Model & SDLC

FINAL THOUGHTS
Collaboration & knowledge sharing, sponsored by Lao Tsu
“Respond intelligently even to unintelligent treatment.”

Consistency of messaging, sponsored by Lewis Carroll
“What I tell you three times is true.”

Further reading
Document | Link
AGIMO Cloud Computing Policy |
Data Compliance Beyond Borders | should-be-paying-attention
UNSW Cyber Law Centre - Data Sovereignty & The Cloud |
Harvard Business Review – blog post | um=Tweet&utm_campaign=Socialflow
Varonis – Security Incidents White Paper | _Security_Incidents_and_Real-time_Alerts.pdf%20
EU Working Party on Data Protection Reform – Article 29 | document/files/2013/ _statement_dp_reform_package_en.pdf
Macquarie Telecom – The Cloud and Cross Border Risks | Border_Risks.pdf?goback=%2Egde_ _member_
And of course !