Data governance – Part 1: Data centric security
Scope:
This Standard specifies minimum requirements for products and/or services providing data protection of digital assets at-rest, in-motion, and in-use across platforms (e.g., endpoints, mobile, cloud), facilitating secure sharing and collaboration across different IT systems within and between organizations.
Project need:
The Data Protection Market is driven by the growth of enormous amounts of data, the proliferation of devices, the need for data security and privacy, new regulations, and rising concerns of critical data loss in the on-premises environment.
There is a continuing need for organizations and governments to protect confidential and sensitive data of these critical sectors, relating to government, prime contractors, suppliers, personally identifiable information, client trade secrets, details on mergers and acquisitions, media assets, designs, Intellectual Property, which if it falls into the wrong hands can be detrimental to the organization. With existing and upcoming new regulations, in many cases, the onus to keep information secure weighs increasingly on organizations themselves, as a data breach potentially leads to high financial penalties. Aside from regulation penalties, other associated risks with data breaches include, the high cost of notification of data breach, allocation of resources to contain damage, reputation risk, litigation risk, and market value risk.
Government, industry, and civil society at large continue to voice the demand to shift focus from reactive strategies (monitoring, audit logging) to more preventative strategies (e.g. Data Leakage Prevention / Information Rights Management). Sensitive information no longer lives solely within an organization’s IT perimeter. Increasingly so with BYOD, employees working from home, the move to Cloud hosted solutions, and the necessary sharing of information with 3rd party partners.
Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.
Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.