Abstract

While traditional security assessments (such as mandated external security reviews that include a penetration test tied to a security framework) are a critical component of securing your data infrastructure, the complexities and governance structures of integrated data systems that involve multiple public sector agencies require a more comprehensive framework to address the risk, regulatory, and governance considerations that are critical to the confidentiality of the data within these systems. In January of 2024, the Data Integration Support Center (DISC) created and piloted an enhanced system review that includes components that are often overlooked or oversimplified when working with today's technologies, such as cloud-based secure enclaves. By following up on a mandated security review, an enhanced system review can help a maturing Integrated Data System (IDS) address both security and privacy risks as it moves forward. An enhanced system review looks primarily, though not necessarily exclusively, at the following aspects of an IDS, principally in the interest of ensuring privacy: (1) IDS alignment with its legal framework and other structuring documents (e.g., policies, procedures, interagency agreements); (2) training to support privacy and security; and (3) use of technology to prevent or mitigate human error. The results of the review are provided directly to the IDS leadership and generally include a list of recommendations in the areas of improved legal agreements, leveraging privacy-enhancing technologies to mitigate or reduce errors, procedural/policy gap identification, and/or architectural recommendations to improve security.
