| ||
The first thing you must do is to explicitly identify a team member whos responsible for the security of the DW/BI system. If no one owns the problem, it wont be addressed. Define the role in the organizational context: What security is the security manager responsible for? What tasks does the security manager do, and what tasks does he or she direct others to do? The security manager has to be involved in the architecture design and in verifying the actual setup and use of the DW/BI system. Every new component, upgrade, user group , indeed any system change, needs to be examined from a security perspective to make sure it doesnt compromise the system. Many organizations require a mandatory signoff by the security manager as part of the change deployment process.
We recommend that the security manager be part of the DW/BI team. The DW/BI security manager should have a formal relationship with any enterprise security office or Internal Audit. But to be effective, the security manager must be intimately familiar with the DW/BI system. In small organizations, the DW/BI team lead may play the role of the security manager. In any case, it needs to be someone fairly senior, with a broad understanding of the end-to-end system.
| ||