cfo-as logo
Story image

5 key questions to improve Big Data governance

14 Aug 2013

Big data, dubbed 'the new oil', can improve decision making, reduce time to market and increase profits.

Yet according to new guidance issued by ISACA, it can also raise significant risk, ranging from disastrous data breaches to privacy and compliance concerns.

“CIOs are often under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place, in order to compete in the marketplace,” says Richard Chew, a developer of the ISACA paper.

“Big data provides an important opportunity to deliver value from information, but an enterprise will be more successful in the long run if policies and frameworks such as COBIT are put into place first.”

Named the Control Objectives for Information and Related Technology, COBIT is a framework created by ISACA IT governance, supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.

According to Privacy and Big Data, enterprises must ask and answer 16 important questions, including these key five, which Chew believes if ignored, could expose the enterprise to greater risk and damage:

1. Can we trust our sources of big data?

2. What information are we collecting without exposing the enterprise to legal and regulatory battles?

3. How will we protect our sources, our processes and our decisions from theft and corruption?

4. What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?

5. What actions are we taking that create trends that can be exploited by our rivals?

As big data grows, do enterprises need a robust data privacy solution to help prevent breaches and enforce security in a complex IT environment?

“To streamline the governance, risk management and effective delivery of big data implementation projects, many enterprises are implementing COBIT, a customisable framework developed by global subject matter experts,” argues Yves LeRoux, chair of ISACA’s Data Privacy Task Force and technology strategist at CA Technologies.

“By using COBIT, enterprises can more easily identify sensitive data, ensure that the data are secured, demonstrate compliance with applicable laws and regulations, proactively monitor the data, and react and respond faster to data or privacy breaches.”

What do you think are the key questions to ask to improve Big Data governance? Tell us your thoughts below