experience demonstrated. As a security professional you may value the control and compliance enhancements, but the CFO will be much happier to drive down operational overhead.
Next, you will need to identify your organization’s most sensitive data – is it intellectual property, customer personally-identifiable information, financial portfolios – any data that the inappropriate or unplanned disclosure of to either the public or your competition could severely or permanently damage your organization. And, as mentioned in a prior column, you will need to determine the single owner of each data element and who consumes them.
Create a data classification committee composed of your key business stakeholders, and representation from security, risk, compliance, privacy (if relevant), and audit groups. Have the business bring some of their key IT support. Keep the group manageable, depending on the size of your organization, eight to 12 people is about right. Make sure you have representation from data producers, consumers and deliverers. Plan to meet once a month, possibly more often as you get started or if roles are a completely new concept to your organization.
This group will determine the rules for sharing access and will act as an arbiter for issues between data producers and consumers. Including IT
Popularity: 1%
