Data Security

The data that many organizations hold within the confines of their information technology systems is their most valuable asset. This holds especially true for financial services, banks, and insurance verticals. So far, this chapter has focused on the value of metadata repositories within the enterprise. To build upon this concept, we now focus on the data security architecture that should, ideally, extend the information contained within the repository.

Many large enterprises have groups of employees who are responsible for IT security. Some have even gone as far as creating a chief security officer position. Even with a large staff, organizations still experience breaches and lack any resources that allow them to quickly identify the impact of any attack. The existence of a metadata repository will also allow security personnel to identify and classify threats related to the following:

  • Theft of information

  • Malicious modification of data

Information theft can have a drastic impact on an enterprise: violation of privacy and security regulations, litigation, and, most of all, damage to the organization's brand. Information theft at a minimum results in information being copied. In the wake of September 11, it is clear that this breach could also have an effect on national security. In many situations, it may also result in the destruction of data used to make critical decisions. This will result in a loss of productivity, as this information will need to be reproduced.

Malicious modification of data can sometimes be even more detrimental than the theft or destruction of information, since it could result in less-than-optimal decisions based on erroneous data. Unauthorized modification, especially if undetected, can compromise projects that depend on the integrity of information. Many organizations may expose this data to external systems or present this information on publicly viewable Web sites. Imagine if Canaxia's Web site were changed so that all its cars' names were altered to those of competitors' cars or if recall information were changed about defective tires on their sport utility vehicles. This threat category can also include nonmalicious, well-intentioned changes in data that can have the same effect. Nevertheless, the insecure actions of even trusted employees can compromise the security and integrity of valuable corporate information.

The metadata repository should also classify the various functional environments and create security policies to prevent unauthorized access to information. This information can then be used as a specification for upstream systems that leverage this data and can provide valuable input into an organization's compliance process. Canaxia has established data security policies and classified all data into five categories, as listed in Table 11-3.

Table 11-3. Classification

| Category | Description |
| --- | --- |
| Unrestricted | Data that can be viewed by any party including the general public. |
| Research and Development | Data that is sensitive and contains preliminary research results that will be disclosed at a future date. Early disclosure could have detrimental consequences. |
| Operations | Data that is proprietary in nature and may contain information about Canaxia's customers, partners, and financials, as well as related information that is protected under privacy acts. Disclosure of this data could result in financial loss, damage to the brand, and legal recourse. This could also include data that is protected under the Freedom of Information Act (government entities). |
| Partner, Governmental Information | Data that is typically unclassified and protected in accordance with a sponsor's requirements and may contain trade secrets, competitive information, or other information deemed private. This could include information related to mergers and acquisitions, joint partnerships with governments in other countries, and information shared with financial auditors. |
| National Security | Information that requires special protection to support national interests and may include uses of special technologies. For example, Canaxia manufactures the limousines for the presidents and prime ministers of many nations and specially equips them with antipersonnel devices, armor, and encrypted communication devices. |



A Practical Guide to Enterprise Architecture
ISBN: 0131412752
EAN: 2147483647
Year: 2005
Pages: 148
