Stakeholder concerns - ans ✔✔ Privacy and confidentiality of clients' information, trade secrets
Stakeholder concerns - ans ✔✔ Business partner activity, mergers and acquisition
Government regulation - ans ✔✔ Regulations may restrict access to information, acts to ensure openness and accountability, provision of subject access rights...
Necessary business access needs - ans ✔✔ Data security must be appropriate, data security must not be too onerous to prevent users from doing their jobs, Goldilocks principle.
Legitimate business concerns - ans ✔✔ Trade secrets, research & IP, knowledge of customer needs, business partner, relationship impending deals.
Risk Reduction - ans ✔✔ Identify sensitive data assets
Locate sensitive data throughout enterprise
Determine how to protect each asset
Identify how this information interacts with business
Business growth - ans ✔✔ Robust information security enables transactions and builds customer confidence.
Security as an Asset - ans ✔✔ If a common standard is enforced, this approach enables multiple departments, business units, and vendors to use the same Metadata.
Security-related Metadata - ans ✔✔ A strategic asset, increasing the quality of transactions, reporting, and business analysis, while reducing the cost of protection and associated risks that lost or stolen information cause.
Data security goals - ans ✔✔
- Enabling appropriate access and preventing inappropriate access to enterprise data assets
- Enabling compliance with regulations and policies for privacy, protection, and confidentiality
- Ensuring that stakeholder requirements for privacy and confidentiality are met
Data security principles - ans ✔✔
- Collaboration
- Enterprise approach
- Proactive management:
- Clear accountability
- Metadata-driven
- Reduce risk by reducing exposure
Vulnerability - ans ✔✔ Is a weakness or defect in a system that allows it to be successfully attacked and compromised - essentially a hole in an organization's defenses. Some vulnerabilities are called exploits.
Threat - ans ✔✔ Is a potential offensive action that could be taken against an organization. Threats can be internal or external. They are not always malicious.
Data security organization - ans ✔✔
- Secure distributed computing frameworks
- Secure data storage
- Protect your data
- Do not miss audits
- Secure hardware and software configurations
The Four A's - ans ✔✔
- Access
- Audit
- Authentication
- Authorization
- Entitlement
Monitoring - ans ✔✔ Systems should include monitoring controls that detect unexpected events, including potential security violations.
Active and real-time monitoring - ans ✔✔ Alerts the security administrator to suspicious activity or inappropriate access.
Data integrity - ans ✔✔ Is the state of being whole - protected from improper alteration, deletion, or addition.
Hash - ans ✔✔ Type of encryption that uses algorithms to convert data into a mathematical representation.
Private key - ans ✔✔ Encryption that uses one key to encrypt the data. Both the sender and the recipient must have the key to read the original data
Public key - ans ✔✔ Encryption where the sender and the receiver have different keys. The sender uses a public key that is freely available, and the receiver uses a private key to reveal the original data.