Data security describes the implementation of policies and procedures to ensure people and things take the right actions with data and information assets, even in the presence of malicious inputs. The right actions mean controlling and enabling data activity by balancing needs from:
- Stakeholders: Protect personal information while allowing access for legitimate transactions agreed upon by the stakeholder and the entity using the information. Prevent identity theft and third-party access that is not authorized.
- Government Regulators: Comply with government laws around data ownership, consent for data use, notification of data breaches, and data deletion. In addition, provide portability so that data owners can know what information exists about them and share it with other controllers.
- Business Owners: Secure proprietary information while allowing access to information needed for different roles across the organization. Allow data to be available for new insights and innovations. Prevent data breaches from unexpected sources, such as human error or natural disasters.
Other Definitions of Data Security Include:
- “The planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access and auditing of data and information assets.” (DAMA DMBoK2)
- “The protection of digital data from a cyberattack or a data breach.” (Keith D. Foote)
- Measures to protect sensitive data (MIT).
- A sound plan to “collect only needed data assets, keep them safe, and dispose of them properly to protect sensitive data.” (U.S. Federal Trade Commission)
- Tools that prevent data loss, encrypt, audit, and protect data (TechRepublic).
Data Security Use Case Examples Include:
- Preventing and handling data breaches through good Data Governance and employee training
- Identifying and stopping malware
- Deciding what kinds of data should be kept in the cloud and protecting the data stored with a cloud provider
- Critiquing data set inputs used by machine learning to prevent falsification of information and misuse
- Testing and auditing hardware and software pertaining to the Internet of Things (IoT) to find unknown access points
- Complying with the European General Data Protection Regulation (GDPR)
Businesses Need Data Security To:
- Identify fraudulent, illegal, or undesirable data usage in database activities
- Reduce legal and/or financial risks
- Grow the business
- Protect and maintain brand integrity