Case study: Implementing Data Governance and ISMS at UNSW
Kate Carruthers
Version 1.0
March 2017
Classification: PUBLIC
This case study covers the complexities of implementing
data & information governance and an information &
security management system as part of a broader
cybersecurity framework at an institution like UNSW
Australia. It explores some of the unique challenges of
securing an institution that has over 50,000 students and
which undertakes research that ranges from open data to
personally identifying patient information.
16/08/2017 Data & Information Governance Office 1
Fast facts
Alliances
The Group of Eight (Go8) is a coalition of leading Australian universities, intensive in research and comprehensive in general and professional education.
The Global Alliance of Technological Universities is a network of the world’s top technological universities.
APRU is a network of 45 premier research universities from 16 economies around the Pacific Rim.
Universitas 21 is the leading global network of research-intensive universities.
The PLuS (Phoenix London Sydney) Alliance combines the strengths of three leading research universities on three continents to develop innovative solutions to these challenges in global health, social justice and sustainability while progressing the responsible innovation of advanced technologies.
Diverse user community
3 realms of data
Learning & Teaching
Research
Administrative
Enterprise systems
Local Faculty-based systems
Systems of record
Learning Management
Lecture recording
MOOCs
Research data
Publications
Cultural issues
Academic freedom
Inventing the future
We know what we’re doing
I’ve got a PhD and you don’t
Cybersecurity and enterprise risk management are a key focus for Council and Management
Data & information governance are a key foundation for cybersecurity
Responses to the hack
War room
Perimeter defences
Visibility at Council level
Risk register
Appointment of dedicated Info Sec resources
Threats
1. Phishing, Whaling/Spear Phishing
2. Ransomware
3. DDOS/Zombie botnet armies
4. Big data
5. Ignorance
Work plan
Setup policy framework
Re-establish Data Governance Committees
Establish Data Ownership structure
Identify ‘Crown Jewels’
Implement Data Classification
Implement System Classification
Implement ISMS
Implement Business Glossary Tool
Implement Data Quality Process
Implement Internal Data Sharing Agreements
Implement Reference Data Management
Implement Master Data Management
Key: Done / In progress / Planned
The 4 dimensions Framework:
• provides enterprise wide roles and responsibilities to be accountable for decisions related to data assets
• establishes policies & procedures to manage the data assets
• provides diverse tools for managing operational data tasks
UNSW Data Governance Framework focuses on the oversight, guidance and quality of enterprise data assets enabled through People, Policies, Procedures and Tools
Policies are high level statements that provide context for strategic decisions relating to the data assets
People are members of UNSW governance bodies, which hold the authority for decisions relating to data assets
Tools are pre-prepared objects that support people carrying out procedures
Procedures are specific instructions designed to ensure policy is followed and outcomes are measurable
Diagram labels:
Strategic Drivers: Enterprise Oversight of Data; Enterprise Guidance on Data; Enterprise Quality of Data
Dimensions: Policies; Procedures; Tools; People
People: Data Executives; Data Owners; Data Stewards; Data Creators/Data Specialists
Other labels: Workflow for Approval; Checklists; Issues Register; Data Profiling; Data Sharing; Data Reporting; Regulatory Compliance; Data Asset Prioritisation; Data Exchange Agreements; Data Process Flow; Data Integration; Data Security; Performance Metrics
Alignment - Legal, Privacy, IT & Info Sec
Information literacy
Data driven improvements
Policies & Standards
Information Quality
Privacy, Compliance, Security
Architecture, Integration
Establish Decision Rights
Stewardship
Assess Risk & Define Controls
Consistent Data Definitions
Adapted from University of Wisconsin Data Governance Framework
Fundamentals
Data ownership
Data classification
Data handling guidelines
ISMS Standards
Boundaries between Data Governance & IT teams – collaboration is critical
Data Classification
Data Classification | Example Data Types
Highly Sensitive | Data subject to regulatory control; Medical; Children & Young persons; Credit Card; Research Data (containing personal medical data)
Sensitive | Student and Staff HR data; Organisational financial data; Exam material; Exam Results; Research Data (containing personal data)
Private | Business unit process and procedure; Unpublished Intellectual property; ICT system design & configuration information
Public | Faculty and staff directory information; Course catalogues; Published research data
Data classification process
Apply the controls
Apply data classification to the Information Asset
Assess data risks
Identify the Information Assets
Identify the Data Owner
ISMS
Diagram labels: UNSW; Faculties/Divisions/Affiliates; Critical Apps (repeated four times); CMDB; Cloud/Internet; Faculty Security Forums
Security approach
Data Collection & Validation or Verification
Reporting of potential threats/risks and compliance – e.g. Heat maps to Security Forums in each Faculty
Risk Workshops
Mitigation action plans
Ongoing Compliance Maintenance Process
Goal: Standardisation of cyber security management processes across UNSW
What we’ve learned so far
1. Methodically build up info sec layers
2. Every day do one thing better
3. Data governance matters
4. Info sec is a team sport
Thank you
Kate Carruthers
k.carruthers@unsw.edu.au