Data security

What do we mean by data security?  

The ability to ensure the protection of physical or digital information from unauthorised access or disclosure.  

The aim of data security is to maintain the confidentiality, integrity, and availability of data and to safeguard it from threats. 

Data might include personally identifiable information, financial records, and intellectual property. 

Data security and data governance are intrinsically linked and together involve designing and enacting the physical and technical controls needed to protect different data classifications as set out within a data governance framework. 

 Knowledge 

• Understanding of relevant legislation and regulatory frameworks for the use of data. 
• Understanding of data quality management and governance best practice.
• Knowledge of data lifecycle management. 
• Understanding of physical and technological security controls. 
• Understanding of risk management practice. 
• Know where to access current best practice and up to date cyber security advice. 

Skills 

Able to:  

• Develop an effective technical and physical control framework: That supports the data governance requirements of the organisation. 
• Manage risk effectively: Including assessing the likelihood and impact of data security breaches, the controls needed to protect data effectively, the detection mechanisms required to determine a breach is taking place and the mitigations required should a data breach occur. 
• Implement technical and physical controls: To ensure data is protected, including standard identity and access management controls and encryption etc. 
• Implement access / authorisation controls: As defined by organisational data governance, to ensure data is only accessed by people who need to see it and to protect against unauthorised access or data breaches. 
• Develop authentication mechanisms: To verify the identity of users before they can access information. 
• Implement protective measures: Such as network security to control inbound and outbound traffic and to block potential threats, patching to address potential vulnerabilities and end point security to prevent unauthorised access. 
• Implement effective monitoring and incident response: To detect, contain and swiftly respond to and recover from security incidents. 
• Ensure back-up and recovery: Aligned to organisational needs, including the amount of time it will take to return a system to an available state (Return Time Objective) and the amount of data loss the Council could reasonably withstand (Return Point Objective). 
• Manage change: Impact assess changes and their impact on data and data risk. 
• Train, coach, and support: All employees and particularly those working in transformation and / or the specification and design of digital solutions in relation to data security. 
• Manage stakeholders: Identifying and working with stakeholders to understand their needs, drivers, and priorities. 
• Communicate and collaborate effectively: With stakeholders at all levels, including technical and non-technical teams. 

Behaviours

Behaviours associated with data security require team members to be: