There has been an important shift in the expected behavior of organizations that handle sensitive data, a shift brought on by public discussion about corporate mismanagement, data breaches, and the associated disclosure and control requirements. Not long ago an organization could have weak controls around its sensitive data (whether personal or corporate), and if a data breach occurred, the organization could make its own determination about the impact of that breach and act accordingly without involving outside parties. That is no longer acceptable. And the responsibility for ensuring proper procedures and safeguards now extends from the information technology organization all the way to the boardroom.

This means that people without IT expertise are now expected to become familiar with issues of IT controls, database access, privileged users, separation of duty and other key concepts that play a role in an effective corporate response to data access accountability. Likewise, IT professionals are being forced to learn about regulatory compliance and control concepts that are not part of the standard IT kit. Both groups were ignorant, probably blissfully so, of the need to understand these arcane and otherworldly topics.
