Data Protection: Governance, Risk Management, and Compliance / Edition 1
by David G. Hill
Failure to appreciate the full dimensions of data protection can lead to poor data protection management, costly resource allocation issues, and exposure to unnecessary risks. Data Protection: Governance, Risk Management, and Compliance explains how to gain a handle on the vital aspects of data protection.
The author begins by building the foundation
/b>… See more details belowOverview
Failure to appreciate the full dimensions of data protection can lead to poor data protection management, costly resource allocation issues, and exposure to unnecessary risks. Data Protection: Governance, Risk Management, and Compliance explains how to gain a handle on the vital aspects of data protection.
The author begins by building the foundation of data protection from a risk management perspective. He then introduces the two other pillars in the governance, risk management, and compliance (GRC) framework. After exploring data retention and data security in depth, the book focuses on data protection technologies primarily from a risk management viewpoint. It also discusses the special technology requirements for compliance, governance, and data security; the importance of eDiscovery for civil litigation; the impact of third-party services in conjunction with data protection; and data processing facets, such as the role of tiering and server and storage virtualization. The final chapter describes a model to help businesses get started in the planning process to improve their data protection.
By examining the relationships among the pieces of the data protection puzzle, this book offers a solid understanding of how data protection fits into various organizations. It allows readers to assess their overall strategy, identify security gaps, determine their unique requirements, and decide what technologies and tactics can best meet those requirements.
Product Details
- ISBN-13:
- 9781439806920
- Publisher:
- Taylor & Francis
- Publication date:
- 08/10/2009
- Pages:
- 330
- Sales rank:
- 1,183,300
- Product dimensions:
- 0.61(w) x 0.92(h) x 1.00(d)
Table of Contents
The Time Has Come for Change
What to Look for in This Chapter
Why Data Protection Is Important
What Data Protection Is
Data Protection Has to Be Placed in the Right Framework
Evolving to the Governance, Risk Management, and Compliance Framework
Ride the Sea Change in Data Protection
How to Read This Book
An Aside on Process Management
Key Takeaways
Business Continuity: The First Foundation for Data Protection
What to Look for in This Chapter
Business Continuity as a Key to Risk Management
Business Continuity and Data Protection
Business Continuity Is Not Just Disaster Recovery
Disaster Recovery: Let’s Get Physical
Operational Recovery: Think Logically
Disaster Recovery Requires Judgment; Operational
Recovery Requires Automation
Logical Data Protection Gets Short Shift in Business Continuity
Do Not Neglect Any Facet of Data Protection
Key Takeaways
Data Protection—Where the Problems Lie
What to Look for in This Chapter
Data Protection as It Was in the Beginning
Typical Data Protection Technology Today Still Leaves a Lot to Be Desired
Summing up Data Protection Challenges by Category
Key Takeaways
Data Protection—Setting the Right Objectives
What to Look for in This Chapter
How High Is High Enough for Data Availability?
SNIA’s Data Value Classification: A Point of Departure
Do Not Equate Availability with Value
Availability Objectives for Operational Recovery and Disaster Recovery Are Not Necessarily the Same
Availability Is Not the Only Data Protection Objective
All Primary Data Protection Objectives Have to Be Met
Key Takeaways
Data Protection—Getting the Right Degree
What to Look for in This Chapter
General Use Classes of Data
The Third Degree—Levels of Exposure
Key Takeaways
Information Lifecycle Management Changes the Data Protection Technology Mix
What to Look for in This Chapter
Why Data Lifecycle Management Is Not Enough—The Need for Metadata and Management
ILM Is Deep into Logical Pools of Storage
Archiving through a New Lens
Active Archiving and Deep Archiving
ILM Changes the Data Protection Technology Mix
Key Takeaways
Compliance: A Key Piece of the GRC Puzzle
What to Look for in This Chapter
What Compliance Is All About
The Relationship between Compliance and Risk Management
Compliance and Data Protection
The Role of People in Compliance
The Role of Process in Compliance
The Role of Technology in Compliance
Key Takeaways
Governance: The Last Piece in the GRC Puzzle
What to Look for in This Chapter
Data Governance Must Respond to Changes in the Federal Rules of Civil Procedure
The Impact on Global Civil Litigation
The Big Three—Governance, Risk Management, and Compliance—and Data Protection Objectives
Key Takeaways
The Critical Role of Data Retention
What to Look for in This Chapter
The Need for Data Retention Management
Where the Responsibility for Data Retention Policy Management Lies
Making the Case for Archiving for Data Retention
Compliance and Governance
Creating Data Archive Storage Pools by Data Retention Attributes
Key Takeaways
Data Security—An Ongoing Challenge
What to Look for in This Chapter
How Data Protection and Data Security Are Interrelated
Information Security versus Data Security
Information Assurance
Information Risk Management
Data Preservation Is Data That Is Good to the Last Bit
Confidentiality as a Private and Public Concern
The Role of Data Availability in Data Security
Three Strategies for Protecting Confidentiality of Information
Confidentiality through Limiting Access to Data
Confidentiality through Limiting Use of Information
Confidentiality by Rendering Information Unusable to Unauthorized Users
The Special Case of Storage Security
Key Takeaways
Where Data Protection Technologies Fit in the New Model
What to Look for in This Chapter
Categorizing Data Protection Products
Mapping the Base Data Protection Technologies to the ILM Version of the Data Protection Framework
Key Takeaways
Back to Basics—Extending the Current Model
What to Look for in This Chapter
The Move to Multiple-Parity RAID
Evolving Backup/Restore Software
Recovery Management
Moving Data Manually and Electronically—The Place of Vaulting and Consolidation
Remote Office Data Protection
At Your Service—The Role of Service Suppliers
Key Takeaways
When Supporting Actors Play Lead Roles
What to Look for in This Chapter
Data Deduplication and Other Space-Saving Technologies
WAN Acceleration
Data Protection Management
Data Protection Change Management
Disaster Recovery Testing
Data Classification
Key Takeaways
Disk and Tape—Complementing and Competing with One Another
What to Look for in This Chapter
Disk-Based Backup
Speeding up the Backup/Restore Process—Your Mileage May Vary
Improving Restore Reliability
Keep in Mind
Virtual Tape
Virtual Tape Library
MAID
Removable Disk Drives and Disk Media
Data Protection Appliances
Tape Automation
Key Takeaways
Technologies for High Availability and Low (or No) Data Loss
What to Look for in This Chapter
Copy Strategies
Replication Strategies
Key Takeaways
Special Requirements for Compliance, Governance, and Data Security
What to Look for in This Chapter
The Use of WORM Technology
WORM Tape
WORM Disk
Electronic Locking
Guaranteeing the Authenticity of Data
Encryption Techniques
Compliance/Governance Appliance
Data Shredding
Key Takeaways
eDiscovery and the Electronic Discovery Reference Model
What to Look for in This Chapter
Information Management—Getting eDiscovery off on the Right Foot
Overview of the Steps of the EDRM Model
Key Takeaways
Cloud Computing, SaaS, and Other Data Protection Services
What to Look for in This Chapter
Growth in Services Raises Questions for Data Protection
An Introduction to Cloud Computing
Where IT Services Are Headed
Data Protection Considerations in Using a Services Model
Confronting the Issue of Control and Third-Party Services
Key Takeaways
Other Considerations in Data Protection
What to Look for in This Chapter
From Flash Computing to Tape—The Role of Tiering in Data Protection
The Impact of Server and Storage Virtualization on Data Protection
Master Data Management and Data Protection
Green Computing and Data Protection
Key Takeaways
Tying It All Together, Including the PRO-Tech Data Protection Model
What to Look for in This Chapter
The PRO-Tech Model for Data Protection
The PRO-Tech Model—Level 1
Tying the PRO-Tech Layers to GRC Business Responsibilities
Data Protection Is Everyone’s Business—Last Call for Data Governance
Synthesizing a Data Protection Framework
Guidelines for Data Protection
The Challenge Ahead and a Call to Action
Key Takeaways
Glossary
Index
Customer Reviews
Average Review: