What is the scope and initiation phase of deploying data governance?
Defining exactly “what” is governed. Determining if any business areas are exempt due to regulatory reasons or if DG would not be helpful due to its business model. Deciding to what levels of the organization new policies will extend.
What is the assess phase of deploying data governance?
Focused on the ability of the organization to govern and to be governed. Determine the current state of the mechanisms and processes an organization will be changing as data governance rolls out.
What is Information Maturity Assessment?
Determines an organisation's current state of maturity to utilize data and information in an advanced manner. Understand what the organization does with the content and information it produces.
What is Change Capacity Assessment?
Understand the organization’s ability to adapt to new/changing policies regarding the management of information assets, and provide an overview of where the DG program will run into resistance.
What is Collaborative Readiness Assessment?
Reviews the ability of the organization to operate in a cross-functional manner under a formal program of collaborative processes. The assessment will develop baseline knowledge of collaborative skills and abilities.
What is the goal of the vision stage in deploying data governance?
To achieve an understanding of what the data governance program might look like and where the critical touch points for DG might appear.
What happens during the Align and Business Value step in deploying data governance?
The DG team will examine the business strategy and goals, and develop a link between DG and improving the organization in a financially recognizable way.
What is the Functional Design phase of deploying data governance?
The phase where the DG program actually starts to be specified and further details are developed as to how it will actually work.
What occurs during the Governing Framework Design phase of deploying data governance?
Determine core information principles, baseline DG processes to support business, identify/refine IM functions and processes, and identify preliminary accountability and ownership model.
What is the Road Map phase of deploying data governance?
The step where DG plans the details around the “go live” events of DG. The team will define the events that take the organization from a non-governed to a governed state for its data assets.
What is the Rollout and Sustain phase of deploying data governance?
The DG team works to ensure the DG program remains effective and meets or exceeds expectations. Many of the artefacts that have been developed are published, and stewards/owners start reviews and audits.
What are Regulations?
Policies that must be adhered to in order to play within the business environment the organization operates in.
What is the importance of regulatory compliance in business operations?
Ensures legal and ethical handling of data, avoiding penalties and maintaining trust.
What specifics do regulations usually refer to?
Fine-grained access control, data retention and data deletion, audit logging and sensitive data classes.
What is fine-grained access control?
Precise control over who accesses what data. Making sure you provide the minimal size of the container of the data (table, dataset, etc.) that includes the requested information, providing the right level of access and establishing how long an access should remain open.
What are the requirements for data retention?
A requirement to preserve data for a set period to allow financial fraud investigators to backtrack.
What is the purpose of audit logs in regulatory compliance?
Providing evidence of policy adherence.
What is sensitive data?
Categories requiring special treatment due to regulations, such as personally identifiable data about EU residents or financial transaction history.
What is data exfiltration?
Unauthorized or accidental transfer of sensitive data to untrusted third parties or insecure systems.
What are the methods of data exfiltration?
Malicious actors exploiting compromised accounts or employees misusing access permissions.
How can data exfiltration be mitigated for Emails and Mobile Devices?
Limit transmission volume, audit metadata, scan content, and flag insecure attempts.
How can data exfiltration be mitigated for Downloading to Unsecure Devices?
Prohibit downloads, enforce access logs, and use dynamic watermarks.
How can data exfiltration be mitigated for Exploiting Virtual Machines (VMs)?
Restrict permissions, separate test/production datasets, and scan outbound data.
How can data exfiltration be mitigated for Employee Termination?
Integrate HR systems with security monitoring and set stricter thresholds for flagging unusual activities.
What are Virtual Private Cloud Service Controls (VPC-SC)?
Protects cloud-native data lakes and warehouses by creating secure perimeters, and ensures data access is limited to authorized VPCs and IPs.
What is the Zero-Trust Model?
Assumes internal networks are untrustworthy, relies on device and user credentials rather than IP-based access, and implements fine-grained, encrypted access with endpoint verification.
What does Authentication do?
Verifies the identity of users or systems accessing resources.
What are Authentication Credentials?
API (Application Programming Interface) Keys, Access Tokens (OAuth 2.0 client credentials) and Service Account Keys.
What does Authorization do?
Determines what actions authenticated users or systems are allowed to perform based on their identity and role.
What does Role-Based Access Control (RBAC) do?
Assigns roles to users or systems and grants permissions based on those roles.
What does Identity-Aware Proxy (IAP) do?
IAP provides a central authorization layer for applications accessed via HTTPS, enabling application-level access control instead of relying solely on network-level firewalls.
What are Policies?
Rules or guardrails that govern access to resources and dictate what actions users or systems can perform. Help enforce security and compliance standards across an organization.
What do Hierarchical Policies do?
Allow organizations to create and enforce consistent access control policies across different levels of the organization. Ensure that access control rules are applied uniformly and can be easily managed and enforced.
What is Data Loss Prevention (DLP)?
DLP involves implementing measures to prevent the unauthorized disclosure of sensitive data.
How do AI Methods assist in scanning and protecting sensitive data?
AI-based DLP tools can automatically scan tables and files to identify and classify sensitive information. Use built-in detectors and custom rules to detect patterns, formats, and checksums associated with sensitive data.
What does Encryption do?
Helps protect data from unauthorized access by encrypting it with cryptographic algorithms.
What is Encryption-at-Rest?
Encrypting data stored on disk or in databases to protect it from unauthorized access.
What is Encryption-in-Transit?
Encrypting data transmitted over networks to prevent interception by unauthorized parties.
What are Customer-Managed Encryption Keys (CMEK)?
Allowing organizations to use their own encryption keys to encrypt data stored in the cloud.
What is Differential privacy?
A framework for ensuring that the output of a data analysis does not reveal information about individual data points.
What is k-Anonymity?
Ensuring that aggregate data represents groups of at least k individuals to prevent identification.
What does Access transparency do?
Ensures accountability and oversight by providing visibility into who accessed data and when.
What is a business case?
A document that provides justification for undertaking a project or program.
What does the data governance business case do?
Establishes the direction and priorities, as well as the benefits for the program.
What are the directions in which a business case needs to show value?
Improvement in efficiency, increase in direct business contributors and reduction in risk.
Besides building your team, what are other steps to building a data governance business case?
Clarify the business imperatives and use cases, identify your challenges and determine the required capabilities.
What are the three major categories of use cases?
Grow the business (revenue focused), Run the business (cost focused) and Protect the business (risk focused).
What often are the data challenges?
Difficulty finding data, difficulty trusting data and difficulty understanding data.
What does the financial template for each use case need to contain?
Business risk (for doing and not doing data governance), Business value (benefits for data governance) and Costs (current and future operational and capital costs for data governance).
What are the deliverables of the business case?
A document describing each business case, the business benefits for each, the processes and organizations impacted in each case, as well as the assumptions used to determine the benefits of each use case.
What are some areas to record as data governance measurements of success?
Productivity, Revenue, Cost, Data quality, Data protection