Fighting Fraud Through Data Governance
John Weigelt, MEng, PEng, CISSP, CISM
National Technology Officer, Microsoft Canada
November 2005
Fighting Fraud
  Understanding the landscape
  Leveraging the compliance spotlight
  Designing solutions for compliance
  Partnering for success
The Fundamental Difference
  CIO view of finance: "CFOs often don't grasp the strategic importance of IT."
  CFO view of IT: "IT is expensive, complex, and often fails to deliver; it's a place to look for savings."
  Source: "CFO IT: The Great Divide", CFO Magazine, Spring 2004
Security
  Protections afforded to a system to preserve the confidentiality, integrity and availability of the system and the information contained therein
  Sometimes also includes authentication, authorization and non-repudiation
Security Challenges
  Security seen as an impediment; common complaints include:
    "Restricts access to critical services"
    "Encumbers the user"
    "Simply a cost"
  Engaging the business leader remains a challenge; security is often seen as an "IT systems thing"
  Tendency to respond only after a crisis
  Multi-channel view not fully appreciated
Privacy
  "the right to control access to one's person and information about one's self."
  Source: Privacy Commissioner of Canada, speech at the Freedom of Information and Protection of Privacy Conference, June 13, 2002
Privacy Challenges
  Spotlight on PIPEDA, PHIPA, FOIPPA
  Policy interpretations are still emerging
  Relationship to security services misunderstood
  Privacy often implemented in a binary manner
  Focus on privacy-enhancing technologies
Privacy Agility
  [Diagram: security axis from Non-Secure to Fully Secure; privacy axis from Full Disclosure to Anonymous; labels "Public Opinion" and "Solution Range"]
Data Governance
  The effective and responsible management of information assets within a framework that strives to mitigate risk, achieve compliance and promote trust and accountability.
  Data governance is the monitoring, management and protection of data in a manner that complies with corporate policy, industry standards and regulatory requirements.
Data Governance Characteristics
  Management accountability
  Policy creation
  Identity management
  Security safeguards
  Role-based access to data
  Policy enforcement
  Auditing and reporting
Leveraging Compliance
Leveraging the Current Compliance Environment
  While getting visibility for pure security activities has traditionally been a challenge, privacy and other compliance activities have caught the attention of business leaders
  Compliance activities are catalyzing security and privacy activities within the enterprise
Leveraging the Current Compliance Environment
  Organizations are coming to the realization that compliance activities are good business
  Compliance activities:
    Improve processes
    Create competitive advantage
    Further integrate IT into the business
Designing for Compliance
How Do You Design for Compliance?
  Detailed policies and procedures
  Awareness and education
  Leverage existing product features
  Employ specialized solutions
  Maximize the use of trustworthy products, designed and evaluated to be secure
  Ongoing maintenance
  All while ensuring consistency with traditional service delivery channels
A Layered Approach to Compliance
  Engages the entire business for success
  Allows for the allocation of controls outside of IT
  Layers: Legislation; Policies; Procedures; Physical controls; Application features; Inherent system capabilities
Where to start?
  Depends on organizational culture, but generally speaking:
    Top-down / bottom-up / middle-out approach
    Embed and/or identify compliance requirements in business requirements
    Inventory existing tools for their data governance capabilities
    Fill gaps with specialized safeguards
Roadmap to Compliance
  Stages shown: Optimization; Planning; Corrective Measures; Evaluation and Testing; Implement and Document; Startup
  Secure against attacks
  Protects confidentiality and integrity of data and systems
  Manageable
  Protects from unwanted communication

  Controls for informational privacy
  Products and online services adhere to fair information principles

  Predictable; consistent, available
  Easy to configure and manage
  Resilient
  Recoverable
  Proven

  Open, transparent interaction with customers
  Industry leadership
  Embracing of open standards
Partnerships for Success
Guidance and Partnership
Call to Action
  Look to understand the landscape
  Leverage current emphasis
  Design for compliance
  Partner for success
[email protected]
2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.