Have you ever written an information classification policy based on integrity?
Feb 21st, 2008 by Jesper Kråkhede
Today I attended a very interesting seminar regarding Business Intelligence (BI) held by Ronny Seehus, Vice President and Head of Business Intelligence Consulting in Capgemini Norway. As a very skilled business manager Ronny easily explained how the BI business should be focused on information and information usage rather than from the technology perspective. In several key areas security was a success factor in the delivery due to the sometimes sensible information handled by the solutions. One very interesting point was the importance of having correct and valid information. This is of course nothing new within BI but when looking at the business problems with achieving high quality data it quickly turned out that it was very seldom that data actually was classified from an integrity point of view. Very often data from several different sources was treated as having an equal value. One way to solve this is by implementing Master Data Management.
If we take a step back and look at the theories from Jericho Forum regarding deparameterization and moving security to the information level instead by implementing encrypting and other solutions the step to apply the same theories for handling integrity and correctness of data is rather short. In the same way as you do your confidentiality classification you should classify the integrity and correctness of your data. By implementing filters in your BI solutions you could actually decide what quality you want to have in your reports and applying this into your analysis.