Data Governance Update. BOE workshop January 30, 2014

Transcription

1 Data Governance Update BOE workshop January 30, 2014

2 IT Leadership Brett Miller, Chief Technology Officer Dave Reid, Director Enterprise Application Architecture Chris Paschke, Manager Information Security Fran Williamson, Director Administrative Technology Curtis Lee, Director EdTech Support Matt Holthaus, Director Infrastructure Services

3 What is Data Governance? Vigilance Knowledge Risk Management Methodology and Policies Applied Science/Forensics Architecture Implementation Operations

4 What we focused on

5 Common-Sense Rules of Information Security 1. Don t provide insecure access to interesting data. 2. Manage vulnerabilities. Verify compliance with security standards and regulations. 3. Don t provide nests for hackers. Ensure InfoSec policies/procedures are solid. 4. Set traps to detect intrusions. 5. Monitor reports generated by your security monitoring tools. 6. Learn about security standards and operations. 7. Vigilantly look for unusual activity.

6 Where is the industry? April 2011 US dept of Education launches initiatives to safeguard student privacy Colorado Department of Education Privacy officers primarily considered a function of financial and healthcare institutions

7 How does Jeffco compare? We have already been doing a lot of this work DG framework: Data accessibility Availability Quality Consistency Security Auditability

8 Jeffco Governance Work Executive Director of Data Privacy and Security role established Data Governance Committee established

9 Jeffco Governance Work Policies Existing contracts and going forward Organizational awareness and training

10 Information Security roadmap Summary Q Q Q Q Q The Vision INFORMATION SECURITY Identify gaps today in both policy and ongoing risk management processes within the district. Proactively integrate security requirements with existing district processes. InfoSec technical policy review and updates InfoSec purchasing policy gap analysis and requirements integration Integrate Cloud vendor purchasing requirements Develop and adopt system risk assessment framework Encryption process review, inventory, and update. Quarterly technical vulnerability assessment InfoSec policy compliance audit and mitigation Yearly system risk assessment Quarterly technical vulnerability assessment Quarterly technical vulnerability assessment A comprehensive collection of policies. Ongoing measurement and assessment for new systems based on a standardized approach. Existing systems will be retroactively assessed. Information security is trending toward a cultural and operational norm with respect to data. Version Sep-2013

11 Governance and Awareness roadmap Current Summary Q Q Q Q Q The Vision GOVERNANCE AND AWARENESS Governance, oversight, and support for a district-wide data management system are recognized today. Work will continue to formalize these processes Develop Data Lifecycle Management Policy DG program documents finalized Training development: DG awareness DG steering membership review DG program annual review/revision Training Delivery: DG awareness IT staff, data consumers/producers State of the district s data governance annual assessment and report Develop DG tracking metrics: Collect, evaluate and tune tracking metrics Quarterly DG plan review, updates, and process capture The Data Governance Program is an accepted and respected part the district s data management strategy and provides tangible value. Consumers and data resources collectively support a culture of data quality. Version Sep-2013

12 Data Management roadmap Current Summary Q Q Q Q Q The Vision CRITICAL DATA MANAGEMENT Baseline tools, processes, and definitions to help facilitate critical data management will focus on governance, standardization, and enforcement. Data inventory compilation (all tracked data sets) Identify critical data stakeholders Critical data security and regulatory requirements reviews Data lifecycle management process and control development implementation Finalize data prioritization Annua data inventory review Ongoing data model mapping via EDGaR/Classroom Dashboard project (based on national EdFi data model) Data model mapping/ dictionary gap analysis Established and thorough processes to ensure that data is identified, classified, and managed in a manner commensurate with its importance and in line with standards, policies, and governance requirements. Version Sep-2013

13 Questions