Data Protection Governance, Risk Management, and Compliance

Failure to appreciate the full dimensions of data protection can lead to poor data protection management, costly resource allocation issues, and exposure to unnecessary risks. Data Protection: Governance, Risk Management, and Compliance explains how to gain a handle on the vital aspects of data protection.The author begins by building the foundation of data protection from a risk management perspective. He then introduces the two other pillars in the governance, risk management, and compliance (GRC) framework. After exploring data retention and data security in depth, the book focuses on data protection technologies primarily from a risk management viewpoint. It also discusses the special technology requirements for compliance, governance, and data security; the importance of eDiscovery for civil litigation; the impact of third-party services in conjunction with data protection; and data processing facets, such as the role of tiering and server and storage virtualization. The final chapter describes a model to help businesses get started in the planning process to improve their data protection.By examining the relationships among the pieces of the data protection puzzle, this book offers a solid understanding of how data protection fits into various organizations. It allows readers to assess their overall strategy, identify security gaps, determine their unique requirements, and decide what technologies and tactics can best meet those requirements.

The Time Has Come for Change. Business Continuity: The First Foundation for Data Protection. Data Protection—Where the Problems Lie. Data Protection—Setting the Right Objectives. Data Protection—Getting the Right Degree. Information Lifecycle Management Changes the Data Protection Technology Mix. Compliance: A Key Piece of the GRC Puzzle. Governance: The Last Piece in the GRC Puzzle. The Critical Role of Data Retention. Data Security—An Ongoing Challenge. Where Data Protection Technologies Fit in the New Model. Back to Basics—Extending the Current Model. When Supporting Actors Play Lead Roles. Disk and Tape—Complementing and Competing with One Another. Technologies for High Availability and Low (or No) Data Loss. Special Requirements for Compliance, Governance, and Data Security. eDiscovery and the Electronic Discovery Reference Model. Cloud Computing, SaaS, and Other Data Protection Services. Other Considerations in Data Protection. Tying It All Together, Including the PRO-Tech Data Protection Model. Glossary. Index.

David G. Hill is the principal of Mesabi Group LLC, which helps enterprises adopt new and improved IT processes and technologies. Prior to starting Mesabi Group, he was the vice president and founder of the Storage & Storage Management practice at the Aberdeen Group.