Data Protection

Governance, Risk Management, and Compliance, 1st Edition

By David G. Hill

CRC Press

330 pages | 18 B/W Illus.

Hardback: 9781439806920
pub: 2009-08-10
eBook (VitalSource) : 9780429130441
pub: 2016-04-19


Failure to appreciate the full dimensions of data protection can lead to poor data protection management, costly resource allocation issues, and exposure to unnecessary risks. Data Protection: Governance, Risk Management, and Compliance explains how to gain a handle on the vital aspects of data protection.

The author begins by building the foundation of data protection from a risk management perspective. He then introduces the two other pillars in the governance, risk management, and compliance (GRC) framework. After exploring data retention and data security in depth, the book focuses on data protection technologies primarily from a risk management viewpoint. It also discusses the special technology requirements for compliance, governance, and data security; the importance of eDiscovery for civil litigation; the impact of third-party services in conjunction with data protection; and data processing facets, such as the role of tiering and server and storage virtualization. The final chapter describes a model to help businesses get started in the planning process to improve their data protection.

By examining the relationships among the pieces of the data protection puzzle, this book offers a solid understanding of how data protection fits into various organizations. It allows readers to assess their overall strategy, identify security gaps, determine their unique requirements, and decide what technologies and tactics can best meet those requirements.

Table of Contents

The Time Has Come for Change

What to Look for in This Chapter

Why Data Protection Is Important

What Data Protection Is

Data Protection Has to Be Placed in the Right Framework

Evolving to the Governance, Risk Management, and Compliance Framework

Ride the Sea Change in Data Protection

How to Read This Book

An Aside on Process Management

Key Takeaways

Business Continuity: The First Foundation for Data Protection

What to Look for in This Chapter

Business Continuity as a Key to Risk Management

Business Continuity and Data Protection

Business Continuity Is Not Just Disaster Recovery

Disaster Recovery: Let’s Get Physical

Operational Recovery: Think Logically

Disaster Recovery Requires Judgment; Operational Recovery Requires Automation

Logical Data Protection Gets Short Shrift in Business Continuity

Do Not Neglect Any Facet of Data Protection

Key Takeaways

Data Protection—Where the Problems Lie

What to Look for in This Chapter

Data Protection as It Was in the Beginning

Typical Data Protection Technology Today Still Leaves a Lot to Be Desired

Summing up Data Protection Challenges by Category

Key Takeaways

Data Protection—Setting the Right Objectives

What to Look for in This Chapter

How High Is High Enough for Data Availability?

SNIA’s Data Value Classification: A Point of Departure

Do Not Equate Availability with Value

Availability Objectives for Operational Recovery and Disaster Recovery Are Not Necessarily the Same

Availability Is Not the Only Data Protection Objective

All Primary Data Protection Objectives Have to Be Met

Key Takeaways

Data Protection—Getting the Right Degree

What to Look for in This Chapter

General Use Classes of Data

The Third Degree—Levels of Exposure

Key Takeaways

Information Lifecycle Management Changes the Data Protection Technology Mix

What to Look for in This Chapter

Why Data Lifecycle Management Is Not Enough—The Need for Metadata and Management

ILM Is Deep into Logical Pools of Storage

Archiving through a New Lens

Active Archiving and Deep Archiving

ILM Changes the Data Protection Technology Mix

Key Takeaways

Compliance: A Key Piece of the GRC Puzzle

What to Look for in This Chapter

What Compliance Is All About

The Relationship between Compliance and Risk Management

Compliance and Data Protection

The Role of People in Compliance

The Role of Process in Compliance

The Role of Technology in Compliance

Key Takeaways

Governance: The Last Piece in the GRC Puzzle

What to Look for in This Chapter

Data Governance Must Respond to Changes in the Federal Rules of Civil Procedure

The Impact on Global Civil Litigation

The Big Three—Governance, Risk Management, and Compliance—and Data Protection Objectives

Key Takeaways

The Critical Role of Data Retention

What to Look for in This Chapter

The Need for Data Retention Management

Where the Responsibility for Data Retention Policy Management Lies

Making the Case for Archiving for Data Retention

Compliance and Governance

Creating Data Archive Storage Pools by Data Retention Attributes

Key Takeaways

Data Security—An Ongoing Challenge

What to Look for in This Chapter

How Data Protection and Data Security Are Interrelated

Information Security versus Data Security

Information Assurance

Information Risk Management

Data Preservation Is Data That Is Good to the Last Bit

Confidentiality as a Private and Public Concern

The Role of Data Availability in Data Security

Three Strategies for Protecting Confidentiality of Information

Confidentiality through Limiting Access to Data

Confidentiality through Limiting Use of Information

Confidentiality by Rendering Information Unusable to Unauthorized Users

The Special Case of Storage Security

Key Takeaways

Where Data Protection Technologies Fit in the New Model

What to Look for in This Chapter

Categorizing Data Protection Products

Mapping the Base Data Protection Technologies to the ILM Version of the Data Protection Framework

Key Takeaways

Back to Basics—Extending the Current Model

What to Look for in This Chapter

The Move to Multiple-Parity RAID

Evolving Backup/Restore Software

Recovery Management

Moving Data Manually and Electronically—The Place of Vaulting and Consolidation

Remote Office Data Protection

At Your Service—The Role of Service Suppliers

Key Takeaways

When Supporting Actors Play Lead Roles

What to Look for in This Chapter

Data Deduplication and Other Space-Saving Technologies

WAN Acceleration

Data Protection Management

Data Protection Change Management

Disaster Recovery Testing

Data Classification

Key Takeaways

Disk and Tape—Complementing and Competing with One Another

What to Look for in This Chapter

Disk-Based Backup

Speeding up the Backup/Restore Process—Your Mileage May Vary

Improving Restore Reliability

Keep in Mind

Virtual Tape

Virtual Tape Library


Removable Disk Drives and Disk Media

Data Protection Appliances

Tape Automation

Key Takeaways

Technologies for High Availability and Low (or No) Data Loss

What to Look for in This Chapter

Copy Strategies

Replication Strategies

Key Takeaways

Special Requirements for Compliance, Governance, and Data Security

What to Look for in This Chapter

The Use of WORM Technology



Electronic Locking

Guaranteeing the Authenticity of Data

Encryption Techniques

Compliance/Governance Appliance

Data Shredding

Key Takeaways

eDiscovery and the Electronic Discovery Reference Model

What to Look for in This Chapter

Information Management—Getting eDiscovery off on the Right Foot

Overview of the Steps of the EDRM Model

Key Takeaways

Cloud Computing, SaaS, and Other Data Protection Services

What to Look for in This Chapter

Growth in Services Raises Questions for Data Protection

An Introduction to Cloud Computing

Where IT Services Are Headed

Data Protection Considerations in Using a Services Model

Confronting the Issue of Control and Third-Party Services

Key Takeaways

Other Considerations in Data Protection

What to Look for in This Chapter

From Flash Computing to Tape—The Role of Tiering in Data Protection

The Impact of Server and Storage Virtualization on Data Protection

Master Data Management and Data Protection

Green Computing and Data Protection

Key Takeaways

Tying It All Together, Including the PRO-Tech Data Protection Model

What to Look for in This Chapter

The PRO-Tech Model for Data Protection

The PRO-Tech Model—Level 1

Tying the PRO-Tech Layers to GRC Business Responsibilities

Data Protection Is Everyone’s Business—Last Call for Data Governance

Synthesizing a Data Protection Framework

Guidelines for Data Protection

The Challenge Ahead and a Call to Action

Key Takeaways



About the Author

David G. Hill is the principal of Mesabi Group LLC, which helps enterprises adopt new and improved IT processes and technologies. Prior to starting Mesabi Group, he was the vice president and founder of the Storage & Storage Management practice at the Aberdeen Group.

Subject Categories

BISAC Subject Codes/Headings:
BUSINESS & ECONOMICS / Production & Operations Management
COMPUTERS / Information Technology
COMPUTERS / Security / General