Data security risk and challenges: is your corporate information secure?

• Author: Newhof, Elizabeth J.
• Position: The Hidden Corporation: A Data Management Novel - Book review

The Hidden Corporation: A Data Management Novel is a compelling tale of corporate information theft that reads like a suspense novel. As readers follow Nancy MacBaron on the hunt for the culprit, they learn a whole lot more than who is responsible for this business disaster. In fact, author David Schlesinger's novel is a clear and enjoyable primer on many of today's key elements of information management, particularly as they relate to data security.

Kudos to Schlesinger for his refreshing and compelling approach to teaching the basics through narrative and for identifying a critical gap in an organization's approach to solving information security and data regulatory compliance problems. He asserts, "The root cause of insufficient information protection is that most corporations lack the internal business structure required to protect and manage information at the enterprise level."

The good news, according to Schlesinger, is that "the people who will solve your information security and data regulatory compliance problems already work for you." The challenge is riley "do not [currently] work together, do not believe data categorization work is part of the reward structure, nor do they report to any single box in your Organizational Chart."

This book is a worthwhile read for business leaders, information technology, data security, and information management professionals, and students. Schlesinger's portrayal of departmental "ownership" of information and ignorance of the breadth of information use across the enterprise is certain to be familiar territory for many information professionals, but it is likely to be a revelation to many business leaders.

Business leaders are also sure to pause as they consider data architect Vic Sharma's assessment, "When the IT Department moved to client servers and gave everybody their own computers and software, the data administrators went away and allowed the departments to build and buy programs to create a data Tower of Babel. It seemed like freedom at first, but now it is slowing down the company and adding cost."

As for teaching the basics of data security, Schlesinger clarifies the intent of the Sarbanes-Oxley Act while distinguishing between regulations and policies. While this, in itself, is helpful, he...