Site Loader

INDUSTRY PRACTICE WEEKLY TASK-2
17/09/2018
ARA Institute of Canterbury
Nidhi Modi
Reading One
Title of source
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018). Data governance taxonomy: cloud versus non-cloud. Sustainability, 95, 1-26.

What is the main point of this source?
The main focus of the source is to effectively resolve all the problems related to data by implementing data governance. This source has provided detailed information about data governance by using taxonomy approach for both cloud and non-cloud. This source has explained a new taxonomy approach, which is used to elaborate different attributes of data governance as it helps to gain knowledge, helps the researcher and focus onto taking quick decision in order to understand the important factor that have to be considered while implementing data governance. In contract with other governance domains, this article also defines the concept of data governance.

As per the article, there are new governance domain that are emerging in the market which includes corporate governance, IT governance, information governance and the recently introduce governance domain is cloud computing domain. In order to differentiate all the domain it is mandatory to understand how they are linked to each other. The following is the diagram which shows interrelations between different governance domains.

Fig. 1 The interrelations between governance domains. CITATION Placeholder3 p 9 l 5129 (Majid Al-Ruithe E. B., 2018, p. 9)
Corporate Governance: This is the most important governance as it helps to make sure that the business work environment is fair and transparent. On the other hand, there is weak corporate governance which leads to the misunderstanding, mismanagement, wastage of time and hence introducing corruption.
IT Governance: As It is booming in the market and hence concept of IT governance became important for an organization. IT governance is the process of constituting responsibility, authorities, communication, policies and standards. According to the source, IT governance and corporate governance are inter-related to each other as, corporate governance provides the initial starting point for IT governance.

Information governance: The main objective of this section is to enhance the effectiveness and speed of the process and decisions. It also helps to minimize the effective cost and risk factor of the organization. The Author of the source clarifies that information governance is subdivision of corporate governance. However, many organizations have not clarified their understanding between the functionality of information governance and IT governance.

Cloud Governance: It is new governance that has been evolved in IT field. It is used to manage factors such as availability, security and privacy. The core of cloud governance is concerned more about the relationship between the provider and the consumer.
As per the literature review carried out by the author of this source, is that data governance can be the most effective and challenging among all other governance domain.

The source has explained data governance structure, data governance function, cloud deployment model, cloud service delivery model, cloud actors and data governance taxonomy. All these factors are helpful for understanding and implementing data governance in cloud computing service. It is essential for the organization to design cloud governance structure in order to make sure that the roles and responsibility are properly addressed within the organization. The following is the diagram of cloud data governance structure.

Fig. 2 Cloud data governance structure. CITATION Placeholder4 p 13 l 5129 (Majid Al-Ruithe E. B., 2018, p. 13)
The structure helps the organization to analyze the roles and responsibilities within the company. According to the author of this source, there are several similar roles that are identified which include executive sponsorship, data management committee, compliance committee, data stewardship team, cloud manager, cloud provider member, IT member and legal member.
The other factor that the author of this source has explained in the source is the data governance function. The following is the diagram of cloud data governance function.

Fig. 3 Cloud data governance function. CITATION Placeholder5 p 14 l 5129 (Majid Al-Ruithe E. B., 2018, p. 14)
The functions of the data governance should be taken into account while implementing the data governance in cloud computing. This will help to establish standards, policies and process in order to make sure that the data is secure and accurate. Hence, the team of data governance should consider all the factors in order to address the cloud service provider and consumer. In order to implement data governance in cloud computing requires transparency in order to make appropriate decision. The result from the cloud data governance include processes, standards, principals, procedures, compliance, transformations, integrations, management, auditability, transparency.
The title of the source is appropriate and clear as it gives clear information about the taxonomy approach of both cloud and non-cloud version. It gives a comprehensive standard and framework for implementing data governance in an organization. The objective of the title is clear because it provides data management solution in order to implement data governance in cloud by using taxonomy approach for both cloud and non cloud computing network.
What questions does this source raise?
The source has raised the following questions.

How the challenges and problems can be handled by the organization?
How the taxonomy approach can be implemented in the real world by any organization?
Are the taxonomy approach globally accepted by all the organization?
Are there any specific method for implementing data governance in cloud computing?
Are the approach given in the article is validated by the specialist and practitioners?
Are the taxonomy approach is a framework? If yes, how is it specialized?
Are the information provided in the article is enough to get the broader knowledge about data governance or is further advance research is needed?
How the limitations can be overcome in an organization?
Are there any methods applicable for deploying data governance, as this section is still under-development and under-research?
How can any organization build a standard strategy for implementing data governance?
How to implement analytic theory in real world within the organization?
How does this source relate to my question?
The source provides the knowledge on data governance, it also highlights the topic that are related to the scenario. It also helps to answer all the questions that are mentioned below.

What is importance of data governance in cloud computing?
What approach/strategy can be used to implement cloud data governance?
What is the important element that should be considered while implementing data governance?
The source has explained the importance of data governance in any organization. The author of this source states that the problem of data security can be effectively managed by implementing data governance. There is another solution that the source has mentioned is the use of data management solutions but this becomes very costly and difficult to manage the data complexity. Hence, different other options are required which is cost effective therefore, organizations believe that the only possible way to solve the problem is to effectively implement data governance. The source also states that implementation of good data governance framework can help the organization to build up clear enough mission, vision, increase the confidence within the organization and defining the measurable success.

The author of the source has mentioned taxonomy approach for both cloud and non-cloud computing networks. These taxonomies are supported by the result of systematic literature review (SLR) which basically offers different factors such as structure, method and multiple approach to understand the the state of art of research in data governance. The main purpose of the approach is to describe different attributes of data governance as it is expected to help the researcher in order to make effective decision and understanding different factors such as cost, research etc. that need to be taken into account for implementing the approach/strategy. The following is the diagram of data governance taxonomy.

Fig. 4 Blocks of data governance taxonomy. CITATION Placeholder6 p 14 l 5129 (Majid Al-Ruithe E. B., 2018, p. 14)The figure above shows the two main classes of data governance which are considered as sub-taxonomies. As this taxonomy is used for the implementation of cloud and non-cloud, hence, data governance for non-cloud computing service is named as traditional data governance and data governance for cloud computing is termed as cloud data governance.

Traditional data governance: The research carried out on traditional data governance is insufficient and it becomes difficult to come up with the single standard approach. Hence, different organization has different views and therefore, author of the source have come up with identifying the common aspects of the data governance. Hence, traditional data governance can be further classified into different categories such as technology, policy and processes and people and organizational bodies.
Cloud data governance: Cloud data governance is one of the major aspects of cloud computing and it is further classified into responsibilities, communication, labelling and policies. It mostly focuses onto accountability and interoperability
The author of the source states that one of the main key element that all the organization must consider is to implement service level agreement (SLA). It is basically an agreement that act as an initial stage for establishing relationship between the cloud consumer and the provider. This agreement states that what kind of services will be provided, what is the procedure and what are the consequences if the expectations of the consumer are not as per their requirements. Hence, it is important to have a negotiable contract between the consumer and the provider. It sets a guideline and policy which make it easier for the organization while implementing data governance. The SLA for cloud data governance includes data governance function, data governance requirements, roles and responsibilities, data governance metrics and tools.
How does this source relate to the scenario?
The source is related to the scenario of the Guardian Pacific. In the case study, Guardian Pacific has planned to move data from on-premise to cloud computing service. The Guardian Pacific is considering different policies of data governance in order to ensure that data is accessible, cost efficient and secured while embracing cloud infrastructure in Guardian Pacific.

The source has explained and discussed about different approaches and other aspects that must be beneficial for Guardian Pacific for developing data governance policies and procedures.

The other important aspects that the author of this source have explained is data governance function, data governance structure, Service level agreement, cloud actors, organizational context and monitor matrix. All these factors can be implemented by Guardian Pacific as they are planning to transfer data from on-premise to cloud. Hence, all these factors will help Guardian Pacific to get brief ideas about cloud computing service by using data governance.

SLA is beneficial for Guardian Pacific as the organization is planning to embrace new technology and hence service level agreement will help Guardian Pacific to understand what type of service will be provided and what the process is. Hence, making it easier for Guardian Pacific to transfer data to cloud.

Provide the most striking quotation from this source.

“Despite its recognized high importance, data governance is still an under-researched area and less practiced in industry”. (p. 2)
The above quote is the most striking quotation from the source as the author of this source explains the importance of data governance but on the other side it also defines that there is lot of research and practice required in future in order to implement data governance in industry. The data governance is still under-researcher and not practiced well within the organization.
What evidence exists of bias and controversy?
For the purpose of the article, the author of this source has undertaken literature review in order to understand the concept of data governance. It also states that different search methods were used which includes: Google Scholar, Staffordshire e-resources Libraries, Saudi Digital Library, and the British Library (Ethos). The entire research is based on referring 52 articles which are categorized into the tabular format. A very structured process is followed because its selection process is based on four stages in order to select the most relevant information from 52 articles. Hence, the research methodology does not seem to be bias or controversy as it has followed well structured process.

What readings does this source refer to that may be useful?
Al- Ruithe, M.; Benkhelifa, E.; Hameed, K. Current State of Cloud Computing Adoption—An Empirical Study in Major Public Sector Organizations of Saudi Arabia (KSA). Procedia Comput. Sci. 2017, 110, 378–385.

Cheong, L.K.; Chang, V. The Need for Data Governance: A Case Study. In Proceedings of the 18th Australasian Conference on Information System, Toowoomba, Australia, 5–7 December 2007; Volume 100, pp. 999–1008.

Reading Two
Title of source
Al-Ruithe, M., & Hameed, K. (2017). Analysis and Classification of Barriers and Critical Success Factors for Implementing a Cloud Data Governance Strategy. Procedia computer science, 113,223-232.

What is the main point of this source?
The main focus of the source is to give information about the barriers and critical success factor (CSF) which will help the organization to establish and implement strong and successful framework for cloud data governance. The source also states that the implementing good data governance in the organization will help the organization to have a clear mission, achieve clarity and increase confidence of using the organization crucial data. The author in the source has further classified the barriers of cloud data governance into eight sections.

Fig 1 Barriers of cloud data governance. CITATION Placeholder2 p 227 l 5129 (Majid Al-Ruithe, 2017, p. 227)According to the source, designing and implementing data governance in an organization is very complex and in order to change it and make it less complex it totally depends on roles and responsibilities within the organization. For minimizing the complexity the author of the source has addressed to analyze the common barriers. Initially, technological, organizational, legal, policy, financial and knowledge were reported as the main common barriers but thereafter, author of this source reported that organizational and technical issues are more critical ones.

The author of the source further elaborates and categorized barriers into organizational and technological.
Organizational factors: The main focus area of this factor is to have a clear idea of roles and responsibility, business and IT alignments and executive sponsorship.
Technological factors: This factor includes computerization of data integration life cycle in order to fulfil the goals of data governance.

The source also defines the importance of implementing data governance by designing framework which is based on three elements which consist of multiple questions.

Structure: There are various questions that the organization can think of before designing framework. The questions are as follows.
Who is authorized to take certain decision?
What structural organizations need to be created?
Who are the participates in this organization?
What are the responsibilities?
Process: Process related questions must be cleared while implementing framework. The questions are as follows.

How are data related decision made?
What is the process of making decision?
Going through and accepting data that are related to investments.

How the investments are prioritized?
Communication: The following are the questions related to communication.

How the output of process and decisions are monitored, measured and communicated?
What instruments are used to communicate investment decisions to stakeholders?
According to the source, in order to implement cloud governance successfully it is important to design and implement a framework in order to achieve consistency, transparency and repeatability. It also helps to improve customer and partner relationship and increase the opportunities. The framework that the author of the source has discussed in the source is the critical success factor (CSF) conceptual framework. The following is the simplified diagram of CSFs conceptual framework.

Fig. 2 A Conceptual Cloud Data Governance CSFs Identification Framework. CITATION Sal10 p 229 l 5129 (Majid Al-Ruithe, 2017, p. 229)
The main purpose of implementing the framework is to analyze critical success factors for implementing cloud data governance. This framework will help the organization to improvise the decision making process by evaluating different CSFs that may affect the strategy of cloud data governance. The framework is categorized into four factors, which are.

Cloud data governance strategy formulation.

Cloud data governance CSFs
Cloud data governance CSFs evaluation
Cloud data governance strategy implementation
The title of the source is appropriate and clear as the information provided in the source is relevant to the title. The article attempts to analyze all possible barriers and critical success factors (CSF) for implementing cloud data governance and it also communicates all the information effectively by using conceptual framework and processes.
What questions does this source raise?
According to the literature review carried out by the author of this source, it states that data governance is complex, how is it possible for the organization to make it simple and easy to implement?
Are the barriers mentioned in the article are globally accepted and practically applied by any organization?
Are the 3 element mentioned in the article are enough to design a complement framework or more elements need to be added?
How to implement cloud data governance CSFs identification framework in any organization?
According to the source, the author states that 41% of security problem in cloud computing is related to governance. Therefore the question is how to get security in cloud by using governance?
How to increase the knowledge of cloud data governance in organization?
Are the 3 elements specified in the research are globally accepted by all organization?
How the author of the source has evaluated the ten critical success factors for data governance? What methodology has been used? How the author of this source ended up with the list of ten critical success factors?
How does this source relate to my question?
The source has defined all the important topics that are necessary for the organization to understand those points i.e. some barriers and critical success factors while adopting and implementing data governance. The source also discusses some steps and process that the organization should consider while making policies for data management in cloud computing. The following are the questions that are related to the source article.

What is data governance and why is it important?
What framework is used for deploying cloud in an organization?
What are the barriers to implementing cloud data governance?
The author of the source states that data governance it totally refers to the right decision and responsibilities regarding managing the data of the organization. It also states that a good understanding about data governance will in further helps the organization to have some changes such as organizational structure, people, technology, process, roles and responsibilities. However, using cloud computing is one the great challenge that the organization has to face when they have to move their data from on-premise to cloud computing service. Hence, after rigorous research by the author of the source, it states that data governance is the best solution to the problem of data migration as it helps to increase the confidentiality, integrity and quality. Good data governance can guide the organization to have a clear mission, achieve clarity, increase confidence, analyze scope and focus on maintaining the success.
The author of the source has discussed about the simplified cloud data governance critical success factor (CSF) conceptual framework, as the main purpose of using this framework is to identify the critical success factors for cloud data governance while implementing strategy, strategy formulation and approach. The implementation of this framework will help the organization in making decision process by analyzing different critical success factor that affects the clod governance strategy. The framework mainly focuses on four elements which includes Cloud Data Governance Strategy Formulation, Cloud data governance CSFs, Cloud Data Governance CSFs Evaluation and Cloud data governance strategy implementation.
The researcher have identified different barriers for implementing cloud data governance strategy and it can be classified into eight elements which includes organizational, knowledge, environmental, technological, functional, cultural, human and financial. As per the researcher, organizational and technical issues are more critical and should be considered while implementing data governance in any organization. The following are the factors that make those eight elements as the major barriers in an organization.

Organizational: The author of the source has marked organization as the barrier to cloud data governance because of the lack of focus on data governance mission, vision, communication plan, management plan and lack of time.

Knowledge: The knowledge is the barrier to data governance as many organizations are unaware of cloud data governance, lack of training on data governance and lack of understanding of how to build the plan and how to start.
Environmental: Environmental is one of barrier because of lack of regulation and cloud data governance is not build according to the service level agreement of cloud service.
Cultural: The cultural is the barrier but it is least important and do not have much impact on to the organization. The main reason that the author of the source has listed this as the barrier because the cloud data governance is not part of the organization culture.
Human: The main reason for having human as the barrier because of the lack of people to support data governance, people having fewer skills about implementation of cloud data governance and lack of executive and stakeholders support.

Financial: Finance is one of the biggest concerns in an organization due to lack of financial support.

Functional: The reason behind considering functional as one of the barrier is due to lack of focus on policies, procedure and defined roles and responsibilities.
Technological: Technological barrier is due to lack of technology understanding, complexity in using the technology, complex cloud computing deployment model and lack of mechanism to implement data governance.
How does this source relate to the scenario?
The source is related to the scenario of the Guardian Pacific. In the case study, Guardian Pacific has planned to move data from on-premise to cloud computing service. The Guardian Pacific is considering different policies of data governance in order to ensure that data is accessible, cost efficient and secured while embracing cloud infrastructure in Guardian Pacific.

The source has explained conceptual critical success factor (CSF) framework which can help the Guardian Pacific to understand policies and procedure while implementing data governance in order to ensure security, cost, usability, availability and integrity.

The source is related to the current scenario of Guardian Pacific as it provides general information about the potential barriers. These barriers can act as obstacle for implementing cloud data governance. According to the present scenario of Guardian Pacific, they are facing technological, human, knowledge and organizational barrier.

Guardian Pacific must follow the four dimension framework elements that will help the organization to overcome the barriers that are mentioned above.

Guardian Pacific must use basic three elements for designing framework which includes structure, process and communication. Therefore, understanding these three elements can help Guardian Pacific to implement good data governance in an organization.

Provide the most striking quotation from this source.

“While security shows to be the most cited challenge to cloud adoption, show that 41% of the security problems in the cloud are related to governance and legal issues”. (p. 224)
The above quotation is the most striking as it gives the overall percentage of the security problem. It states that there are large number of security problem in cloud are related to governance and legal issues which shows that many organization are still struggling to effectively implement data governance. Hence, it requires a lot of research and rigorous data governance strategies.
What evidence exists of bias and controversy?
The article states that the research is covered between the periods from 2000 till 2017. The information stated into the article is totally based on 52 records which are based on data governance which is further categorized into four stages. Thereafter, the output of the research is presented in a systematic way into a graph format for better understanding and hence, it is not biased towards researching only about cloud. The graph has proper view of both cloud and non-cloud computing between the periods from 2000-2017. This shows that most structured way of research was carried out by the researcher and hence this does not seems to be bias or controversy in the source.
What readings does this source refer to that may be useful?
Imhanwa S, Greenhill A, Owrak A. Designing Data Governance Structure: An Organizational Perspective. GSTF J Comput. 2013;4(2):1-10. doi:10.5176/2251-3043.
Beach T, Rana O, Rezgui Y. Governance Model for Cloud Computing in Building Information Management.pdf. 2015;8(2):314-327.
Reading Three
Title of sourceSalido, J. (2010). Data Governance for Privacy,Confidentiality and Compliance: A Holistic Approach. ISACA Journal, 6, 1-7.

What is the main point of this source?The main focus of the source is to propose effective data governance for privacy, confidentiality and compliance. As organization is growing the process of collecting, storing, processing and exchanging large amount of data also increases and hence, there is increase in challenges in the area of security, data privacy and meeting compliance obligations. Therefore, in order to overcome these challenges the researcher has mentioned the need for holistic approach. The source has stated an approach where they do not have to modify or replace the existing process rather, it augments them by establishing additional roles, responsibilities, tools and task that will help the organization in order to prevent their crucial data amuse compliance obligation.

The author of the source has presented data governance for privacy, confidentiality and compliance (DGPC) framework that is developed by Microsoft in order to create a program that will address the three objectives which includes traditional IT security, privacy related protection and data security and privacy compliance. The main aim of using this framework is as follows.

DGPC framework will help to identify threats against privacy which includes customers decisions and with their permission with respect to what type of data are to be collected and how they can be used and processed further.

DGPC framework helps to identify and managing security and privacy risk that re related to the data that need to be protected by using some protective measures and control that need to be developed in order to cover the gaps.
The main feature of implementing DGPC framework is that it works with the existing IT management and security standards such as ISO/IEC 27001/27002 and with control framework such as COBIT.

DGPC FRAMEWORK COMPONENTS
The DGPC framework has three main areas of component which includes people process and technology.
People: It is in initial stage where it is important to establish DGPC team within the organization who can perform their respective given task. These teams will be given clearly defined roles and responsibilities along with these adequate resources will be provided so that they can perform their task very well in order to achieve the objectives of data governance.
Process: After DGPC team is formed the next step is to create the required process. In order to create the process the initial task is to examine different authority documents such as standards, policies and strategy documents and regulations that will help the organization to meet the requirements. Therefore, in order to generate necessary requirements for the organization it is mandatory to define and follow the guiding policies and principles. In this stage the organization must identify the threats that are related to security and privacy and determine control objectives.
Technology: The source has defined an approach where the organization can examine the flow of data and identify the risks that are related to the data flow, that the risk management team fails to address. This approach includes using risk/gap analysis matrix which is built using three elements which includes the information life-cycle, four technology domain and data privacy and confidentiality principle.
INFORMATION LIFE-CYCLE
The organization should first understand how the information flows throughout the organization, how much is it taking to complete the process and how information is accessed and then process to the next stage of the transaction. It is beneficial if the organization can understand the risk in all the stages which the life-cycle as it helps to clarify and safeguard the risks. The following is the diagram of information life-cycle.

Fig. 1 Information life cycle. CITATION Sal10 p 3 l 5129 (Majid Al-Ruithe, 2017, p. 3)Whenever the data is moved, coped or removed from the storage which is indicated as part of the transferring data this means that new information life cycle has started. The author of the source states that it is important to make sure that the data transferred are secured and do not have any privacy problem as they do it for the original set of data. Hence, in order to do this operations, private networks plays a very important role such as internet.

In the organization both the departments as well as individual people use information for the purpose of reports or extract data from database. This can be done by using desktop data-mining and various different analysis tools that will help to generate reports and save data in spreadsheet. Thereafter, these files can easily be transferred through e-mails or it can it saved in desktop or can be transferred to portable USB.

TECHNOLOGY DOMAIN
The organization should ensure that the technology that safeguards the data confidentiality, integrity and availability are enough in order to minimize the risk. The following are the four domains.

Secure infrastructure: It is used to safeguard confidential information with the help of technology infrastructure that can protect computers, drivers and operating systems with some unwanted malware or hackers.
Identify and access control: Identify and access control management tool is used to protect all the personal information from the unauthorized users or hackers. It uses various mechanisms to perform this operation which includes authentication mechanism and promising systems.

Information protection: Organization data is very important and they need to secure their data which is stored in database or other storing mechanism by using document management system and follow guidelines.
Auditing and reporting: Technologies are used for managing system and monitoring of compliance control that are useful for verifying the system and identifying noncompliant activity.

DATA PRIVACY AND CONFIDENTIALITY PRINCIPLES
The following are the four principles that are used to help the organization to select the process and technologies in order to safeguard their confidential data.

Develop policies through confidential data span.

Reducing unauthorized access risk or misuse of authorized data by unknown person.

Reducing the impact of confidential data.

Demonstrate the effectiveness of document applicable controls.

THE RISK/GAP ANALYSIS PROCESS
There are five steps in order to identify the risk/gap in an organization are written below.

Fig. 2 Risk/gap analysis process. CITATION Sal10 p 5 l 5129 (Majid Al-Ruithe, 2017, p. 5)Establish risk analysis.

Performing thread modeling.

Analyzing risk.

Determining risk treatment.

Evaluate effectiveness.

The title of the source is appropriate and clear as it gives clear information about the framework and the domain. According to the title the author of the source has discussed about the privacy, confidentiality and compliance related issue. The source has also included framework which defines privacy, confidentiality and compliance of data, information life cycle to understand the flow of the data and risk/gap analysis matrix which defines the steps to identify the risk/gaps. The purpose of the article is clear as it focuses on providing a holistic approach to achieve data governance.

What questions does this source raise?
Is the framework mentioned in the source applicable to the existing management system?
Is the DGPC framework practically applicable in the real world?
Does the DGPC framework globally accepted by all organization?
How the risk/gap matrix is unique in order to determine the threats?
Are the steps mentioned in the risk/gap matrix practically applicable in an organization?
Are the three objectives mentioned in the source are enough to meet the requirements of the organization or more objectives need to be added?
How the holistic approach is implemented in an organization?
Are the DGPC framework component are applicable for identifying threats and risks?
How can an organization standardized strategy for privacy, confidentiality and compliance?
How IT professionals can use information life cycle? And what work does each stage perform?
Are the principles mentioned in the source will help the organization to protect their confidential data? Is it applicable in the real world?
How does this source relate to my question?
The source has defined various other elements that are beneficial for the organization to implement data governance for privacy, confidentiality and compliance. The author of the source has also elaborated DGPC framework, risk/gap analysis process, DGPC framework components, information life cycle, technology domains, data privacy and confidentiality principals. This source will help to answer the questions that are mentioned below.

How can organization determine risk in data process?
What are the principles that can be used to ensure data privacy and confidentiality?
How to get data privacy, confidentiality and compliance in data governance?
What are the technology domains that can be used by an organization?
The author of the source has defined risk/gap analysis matrix which helps the organization to identify gaps/risks in their existing system in order to ensure that privacy, confidentiality and compliance of data. This matrix is the combination of information life cycle, technology domain and data privacy and confidentiality principle. For analyzing the gaps in an organization the source has mentioned five steps which includes establishing the risk analysis context, perform thread modeling, analyzing risk, identifying mitigation measures and evaluating the effectiveness of mitigation measures.

The source has discussed about the four main principles that will help the organization to select appropriate technology and activity that will protect the data and improve the data process in order to implement data governance effectively. The four principles are as follows implement policies through confidential data process, reduce the risk of unauthorized accessing the confidential data or misusing it, reduce the risk of data loss and its consequences and implement and follow the procedure and describe its effectiveness.

The source has described DGPC framework which is designed by Microsoft in order to ensure privacy, confidentiality and compliance of data. This framework it helps the organization to implement this DGPC framework into the existing management system rather than replacing or removing the existing management system. The framework has three main components which includes people, process and technology. It will also help the organization the create policy, understand the threats and implement process to resolve the risk.
The source has explained about the technology domains in an organization, it states that organization need to analyze that the technologies that are used is sufficient enough to safeguard their data confidentiality, integrity and availability. The source has further categorized the domains into four parts with respect to the context to this task that is mentioned above. The following are the technology domains: secure infrastructure, identity and access control, information protection and auditing and reporting.

How does this source relate to the scenario?
The source is related to the scenario of the Guardian Pacific. In the case study, Guardian Pacific has planned to move data from on-premise to cloud computing service. The Guardian Pacific is considering different policies of data governance in order to ensure that data is accessible, cost efficient and secured while embracing cloud infrastructure in Guardian Pacific.

Guardian Pacific can implement information life cycle which will help them to establish policies and understand the flow of data at different stages.

Guardian Pacific can use the risk/gap analysis matrix that will help them to evaluate risk and efficiently run the data governance structure.

Guardian Pacific can implement DGPC framework for implementing with the existing management system of Guardian Pacific in order to make it less complex for securing data.

Guardian Pacific can implement three DGPC framework components which include people, process and technology. These three components will help Guardian Pacific to initiate cloud computing process from beginning in order to avoid any issue and risk.

The source provides information about data privacy, confidentiality and compliance. Hence, Guardian Pacific can use this information in order to ensure privacy, confidentiality and compliance of data.

Guardian Pacific can implement data privacy and confidentiality principles that will help Guardian Pacific to select appropriate technology and activity that will safeguard their crucial data.
Provide the most striking quotation from this source.

“More than 60 percent of US data breaches in 2009 were attributed to lost or stolen laptops or media, organizations should closely monitor and protect such data transfers”. CITATION Ash16 p 3
y l 16393 (p. 3)The above quotation is the most striking one as it shows the carelessness of the organization towards data security. The quote also states that the organization does not have any proper process in order to monitor this unauthorized scenario. However, data is the most crucial aspect of data governance in an organization and hence, they have failed to provide with the best security service.
What evidence exists of bias and controversy?The author of the source states that “no other existing industry framework provides this combination of benefits and integration.” CITATION Placeholder1 p 2
y l 16393 (p. 2)The above statement shows that they are bias towards their product as it is natural enough to promote their own product and be partial towards their own designed product. The author of the source is seems to be more bias towards the DGPC framework which is designed by Microsoft. However, no further explanation or evidence is provided in the article which supports the statement that is given above. The author of the source has failed to provide the complete research method behind providing this information.
What readings does this source refer to that may be useful?Microsoft. (n.d). Microsoft – Official Home Page Website. Retrieved 09 16, 2018, from Microsoft website: https://www.microsoft.com/en-nz/.

The source is very well organized and it also provides whitepaper that is related to data governance for general data protection regulation (GDPR). It also explains successful implementation of data governance framework and strategies which will be helpful for the the report.

Post Author: admin