Five key questions to improve Big Data governance

MUMBAI, INDIA: Big data-dubbed "the new oil" by the World Economic Forum-can improve decision making, reduce time to market and increase profits. But it can also raise significant risk, ranging from disastrous data breaches to privacy and compliance concerns.

To help enterprises retain control of their massive and fast-changing information, ISACA has issued new guidance available freely at www.isaca.org/privacy-and-big-data. Privacy and Big Data: An ISACA White Paper outlines critical governance and assurance considerations as well as key questions that must be answered.

"CIOs are often under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place, in order to compete in the marketplace," said Richard Chew, CISA, CISM, CGEIT, a developer of the ISACA paper and senior information security analyst at Emerald Management Group. "Big data provides an important opportunity to deliver value from information, but an enterprise will be more successful in the long run if policies and frameworks such as COBIT are put into place first."

"Increasingly more and more enterprises are discovering the enormous business potential that Big data holds however enterprises need to find optimal ways to unearth the benefits.Many Indian companies have lately been investing significantly in prospecting value from this big opportunity. While CIOs are eager to reap the best of benefits of big data for their enterprises, but privacy, reliable data source and other regulatory risks have been high on their concerns," said Vittal Raj, CISA, CISM, CGEIT,CRISC, CFE, CIA, CISSP, FCA, International Vice President, ISACA.

"The comprehensive COBIT 5 business framework for the governance of enterprise IT maintains a balance between realizing the benefits and optimizing risk levels and resource usage. ISACA's latest guide, Privacy and Big Data, identifies the impact of big data on privacy, privacy risk, privacy strategies, and governance and assurance considerations for big data privacy."he further added.According to Privacy and Big Data, enterprises must ask and answer 16 important questions, including these key five, which-if ignored-expose the enterprise to greater risk and damage:

1. Can we trust our sources of big data?

2. What information are we collecting without exposing the enterprise to legal and regulatory battles?

3. How will we protect our sources, our processes and our decisions from theft and corruption?

4. What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?

5. What actions are we taking that create trends that can be exploited by our rivals?

 

As big data grows, enterprises need a robust data privacy solution to help prevent breaches and enforce security in a complex IT environment.

"To streamline the governance, risk management and effective delivery of big data implementation projects, many enterprises are implementing COBIT, a customizable framework developed by global subject matter experts," said Yves LeRoux, CISM, CISSP, chair of ISACA's Data Privacy Task Force and technology strategist at CA Technologies. "By using COBIT, enterprises can more easily identify sensitive data, ensure that the data are secured, demonstrate compliance with applicable laws and regulations, proactively monitor the data, and react and respond faster to data or privacy breaches."

The COBIT 5 framework can be downloaded free of charge at www.isaca.org/cobit. Privacy and Big Data is available freely at www.isaca.org/privacy-and-big-data . Additional privacy and big data discussions, links and resources can be found in ISACA's Knowledge Center in the Privacy/Data Protection and Big Data communities.