IT Examiner School - Oct 2023

Internal Use Only

AIO Infrastructure Risk Topics

23

Internal Use Only

AIO Infrastructure Data Governance & Data Management

Effective data management ensures data is readily accessible, reliable, and timely for users. Additionally, it includes a process for securely removing or destroying data when it's no longer needed, with a focus on verifying the process's effectiveness. Examiners should assess the following: • Data identification and classification procedures. • Controls for safeguarding data in both physical and digital formats. • The monitoring of databases, including new and existing ones, as well as noncompliant or misconfigured databases and any changes to them. • The effectiveness of securing databases, analytics tools, and reports. • Procedures for controlling unmasked data in non-production environments. • Processes for applying patches to databases and monitoring the production database's patch level for updates.

24