Organizations of all sizes handle a large amount of data that must be kept private.
In security, data vulnerabilities are often mapped in a model known as the data lifecycle. Each stage of the data lifecycle plays an important role in the security controls that are put in place to maintain the CIA Triad of information.
The data lifecycle is an important model that security teams consider when protecting information. It influences how they set policies that align with business objectives. It also plays an important role in the technologies security teams use to make information accessible.
In general, the data lifecycle has five stages. Each describe how data flows through an organization from the moment it is created until it is no longer useful:
- Collect
- Store
- Use
- Archive
- Destroy
Data governance#
Data governance is a set of processes that define how an organization manages information. Governance often includes policies that specify how to keep data private, accurate, available, and secure throughout its lifecycle.
Effective data governance is a collaborative activity that relies on people. Data governance policies commonly categorize individuals into a specific role:
- Data owner: the person that decides who can access, edit, use, or destroy their information.
- Data custodian: anyone or anything that’s responsible for the safe handling, transport, and storage of information.
- Data steward: the person or group that maintains and implements data governance policies set by an organization.
Businesses store, move, and transform data using a wide range of IT systems. Data governance policies often assign accountability to data owners, custodians, and stewards.