Five Key Questions To Improve Big Data Governance

Privacy and Big Data: An ISACA White Paper outlines critical governance and assurance considerations as well as key questions that must be answered.

“CIOs are often under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place, in order to compete in the marketplace,” said Richard Chew, CISA, CISM, CGEIT, a developer of the ISACA paper and senior information security analyst at Emerald Management Group. “Big data provides an important opportunity to deliver value from information, but an enterprise will be more successful in the long run if policies and frameworks such as COBIT are put into place first.”

According to Privacy and Big Data, enterprises must ask and answer 16 important questions, including these key five, which—if ignored—expose the enterprise to greater risk and damage:

1. Can we trust our sources of big data?
2. What information are we collecting without exposing the enterprise to legal and regulatory battles?
3. How will we protect our sources, our processes and our decisions from theft and corruption?
4. What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?
5. What actions are we taking that create trends that can be exploited by our rivals?

As big data grows, enterprises need a robust data privacy solution to help prevent breaches and enforce security in a complex IT environment.

“To streamline the governance, risk management and effective delivery of big data implementation projects, many enterprises are implementing COBIT, a customisable framework developed by global subject matter experts,” said Yves LeRoux, CISM, CISSP, chair of ISACA’s Data Privacy Task Force and technology strategist at CA Technologies. “By using COBIT, enterprises can more easily identify sensitive data, ensure that the data are secured, demonstrate compliance with applicable laws and regulations, proactively monitor the data, and react and respond faster to data or privacy breaches.”