Richard Chew, CISA, CISM, CGEIT, senior information security analyst at Emerald Management Group, helped develop ISACA’s new white paper, Privacy and Big Data. We chatted with him about the publication.
ISACA: Is big data “the new oil,” as dubbed by the World Economic Forum?
Richard: Yes, the value of information is better than oil if it satisfies several criteria:
· Value to the organization
ISACA: Why do some enterprises skip steps related to proper policies and frameworks in a rush to exploit the benefits of big data?
Richard: CIOs are always anxious to fulfill the desires of the board and senior management. It is a matter of survival instinct. Having been a CIO twice, I know the smart CIO harnesses the engagement of the board and senior management in a structured manner that resembles “governance” and seeks the use of internal resources who already know their organization and the goal of the data being mined. The question becomes “Make, buy or outsource?
In the original Big Data: Impacts and Benefits white paper, we took great pains to seek a path of partnering with a firm willing to train internal resources in phases. When the engagement is over, the organization is left with internal documentation and intellectual property. At each phase, an assessment can be done to determine what investment is right for the organization.
ISACA: What is the key, overarching message in the Privacy and Big Data white paper?
Richard: Big data can be a useful enterprise tool or a Pandora’s Box of compliance and runaway investment.
ISACA: You advise enterprises to ask whether they can trust their data sources. Why is that a critical question?
Richard: Garbage in is still garbage out. Data has to be filtered and tested. In the wrong hands, there is truth to the book, “How to Lie with Statistics.”
ISACA: You’re a proponent of COBIT 5. How does this framework enable optimization of big data?
Richard: Patents exist for various information technology techniques such as encryption, search algorithms, etc. Frameworks such a COBIT exist in order to keep us from reinventing the wheel. The beauty of COBIT is the ability to pick and choose what framework elements are appropriate to your organization. There is a tremendous amount of intellectual property invested in the development of COBIT framework elements. The joke—and truth—is to remember to avoid over-implementing COBIT to where the framework cripples an organization or its processes.
Learn more, download the free Privacy and Big Data white paper, and provide feedback on this document here.