Beyond Guesswork
AN APPROACH TO DATA RISK QUANTIFICATION
Christopher Hockey, Manager
Alvarez & Marsal
March 31, 2025

Who's This Guy?
- 20+ years in Information Governance related roles across multiple sectors
- Certified Information Governance Professional and US Privacy Professional
- Currently with Alvarez & Marsal specializing in information risk and governance solutions

Agenda
- Introduction and Purpose
- Client Case Study Overview
- Identifying Hidden Data Challenges
- Quantification Framework
- Real-World Outcomes and Results
- Key Insights and Takeaways
- Q&A

Introduction and Purpose
- Data drives strategic decisions
- Risks increase with data value
- There are clear methods to quantify and manage data risks
- Review Healthcare Sector Case Study to show one possible strategy that demonstrates actionable insights

Client Case Study Overview
- Sector: Healthcare
- Scope of Analysis
  - 63 business processes analyzed
  - 28 information systems evaluated
  - 11 organizational functions covered
  - Collaboration with over 50 stakeholders
- Primary Challenges
  - Managing sensitive data (PHI, PII, SBI)
  - Meeting regulatory compliance requirements
  - Limited visibility into actual risks
- Motivation: Improve governance and quantify risks clearly to significantly reduce data exposure

Identifying Hidden Data Challenges
- Methodology
  - Stakeholder interviews
  - Comprehensive process/system mapping
  - Technology assessment
- Major Risks Uncovered
  - Sensitive data stored locally and in unsecured cloud storage
  - Limited staff awareness of compliance obligations
  - Lack of defined data disposal procedures
  - Inconsistent and unmanaged data access

Quantification Framework
- Scoring System Overview
  - Evaluates processes based on:
    - Data Sensitivity
    - Degree of Unstructured System Usage
    - Data Sharing with Third Parties
- Data Sensitivity
  - Categorized into:
    - PHI (High Risk)
    - PII (High Risk)
    - SBI (Low Risk)
    - R