Untitled
Studocu is not sponsored or endorsed by any college or university
Data Governance Banking Analysis
IT Leadership Foundations (Western Governors University)
Studocu is not sponsored or endorsed by any college or university
Data Governance Banking Analysis
IT Leadership Foundations (Western Governors University)
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
https:
www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
https:
www.studocu.com/en-us/document/western-governors-university/it-leadership-foundations/data-governance-banking-analysis/ XXXXXXXXXX?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
https:
www.studocu.com/en-us/course/western-governors-university/it-leadership-foundations/4982750?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
https:
www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
https:
www.studocu.com/en-us/document/western-governors-university/it-leadership-foundations/data-governance-banking-analysis/ XXXXXXXXXX?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
https:
www.studocu.com/en-us/course/western-governors-university/it-leadership-foundations/4982750?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
Data and Information Governance Banking Analysis
Data Governance Banking Analysis
By
Richard Baah-Kissi
Western Governors University
September 24, 2021
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
https:
www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
Data and Information Governance Banking Analysis
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
Data and Information Governance Banking Analysis
Data and Information Governance (Banking Analysis)
Introduction:
The Me
ilton Bank like many other financial organizations, have a need for an effective data
governance to manage its data as a critical and strategic asset to align their objectives and to
effectively meet their goals. It is the responsibility of data analysts and managers to present
enterprise-level methods and processes to the organization for data collection, extraction, and
elevance, to achieve derivative beneficial outcomes needed for the implementation of effective
decision making in their loan approval methods.
A. Data Governance Status:
Me
ilton Banks credit assessment and risk detection models are the organizations valuable data
assets which have gone through extensive development and one can be almost certain if urged to
guess the reason why the Department of Treasury chose Me
ilton Bank, would be that, the
statistical scoring models used for automatic loan approval or denial is what garnered the
position of trust by the Department of Treasury to nominate Me
ilton to administer the Small-
Business Assistance Program, however, other lapses are evident in siloed environments as
Me
ilton’s.
ï‚· We can identify pockets of the four (4) elements of data governance (DG) which appear
isolated from each other in terms of the designation and segmentation of responsibilities
of the different departments.
1. People: It appears there are data stewards in the various departments managing
each department, but overall program Data Owners & Managers are not
mentioned to coordinate the integration of data from various sources which is a
possible hinderance to an effective agile model development.
2. Process: Me
ilton’s cu
ent processes are defined in individual departments with
no unified organizational or enterprise level data access. Siloed data marts exist
within the IT department and other supporting non-IT departments. The
individualistic nature of operation leads to adhoc un-coordinated change
management processes.
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
https:
www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
Data and Information Governance Banking Analysis
3. Technology: The use of data-driven decision tools behind cloud-native mobile
application, business analytic and data warehousing components are cu
ent as
one would expect.
4. Content: The existence of quality training and testing data is evident from the
highly centralized data warehouse that the business analytics department utilizes.
The non-IT department siloes also provide centralized services but are rarely used
in the decision making at the TOP (Enterprise level).
B. Gap Analysis:
It is necessary to develop a data governance strategy that provides a road map outlining the steps
Me
ilton should take to access, secure, analyze, and manage its customer data. It is obvious that
there is no coordination between various departments due to the absence of effective
management oversight and data governance processes to diligently prevent intrusion, protect
customer data and maintain compliance. We will analyze the following gaps identified in the
Me
ilton Bank’s operational environment.
1. People:
Data Owners must be appointed in each of the departments to coordinate access control
procedures within their respective departments. Assigning data stewards and owners for
various types of data is the key to clarity and accountability. They must know where their
data resides, how its defined and integrated with other datasets within the enterprise.
These personnel must be adequately trained in their roles to maintain the confidentiality
and integrity of the data at their disposal and make it readily available when needed.
Program managers are needed for such endeavors involving government programs and
task orders to coordinate development and operational timelines ensuring cross-
functional support among departments is prevalent.
Executive sponsors were not mentioned in the Me
ilton case study. This role is very
crucial in maintaining support and funding for the program.
2. Process:
It is necessary to establish internal policies for data use to ensure compliance, protect and
preserve data, minimize risk, and enhance data analysis. It comes as a blessing to be
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
Data and Information Governance Banking Analysis
ecognized by the federal government and awarded contracts to handle its programs
however, it comes along with its bout of headaches. Analyzing the case study, Me
ilton
Bank does not have a compliance department to set and enforce policies required by the
federal government.
There was no mention of policies on how to handle the following federally mandated
policies.
 Personal Health Information (PHI)
 Personal Identifiable Information (PII)
 Personal Credit Information (PCI)
Me
ilton Bank did not outline a data life-cycle policy framework by any of the
departments mentioned in the case study.
The shared-security model instituted by cloud providers should prompt Me
ilton
Bank to consider having a Mobile Computing Policy to regulate what should be stored on
the cloud since the organization is developing cloud-native mobile apps.
Strategies for Confidential document access controls must be clearly defined for security
and compliance.
Lastly, no insider threat process was stated to guarantee how customers data access by
employees will be monitored to prevent fraudulent data access and usage.
For the scope of this project, all processes cannot be enumerated but, at a minimum, the
above policies should be embedded into the workflow to maintain compliance and reduce
isk.
3. Technology:
There are various tools and capabilities to enhance information security. Me
ilton’s quest
for modernization should move along with utilizing cu
ent systems with in-built security
features designed to combat modern cyber security threats. Moving forward sometimes
means looking rearward. Me
ilton should secure funding for new systems and retire
legacy systems and business processes that are redundant. Streamline access control by
implementing robust steps to grant access to systems. Procedures must be in place to
promptly close the systems access loop if an employee separates with the organization.
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
https:
www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
Data and Information Governance Banking Analysis
Data access technology like shared-file server systems must be made easily accessible
and discoverable to provide actionable insights and analysis beyond regulatory
compliance through group policies.
4. Content/Data:
Me
ilton’s data warehousing department did not mention policies and procedures in
place to safeguard against data co
uption. How will they determine if the data that is
eing ingested into the data warehouse is good? Data validation and testing must be
implemented regularly to ensure the availability of good data and that was not stated in
the case study.
To ensure timeliness and completeness, changes to codes or terminologies must be
communicated to all stakeholders and approved by a change management board.
To ensure uninte
upted availability, real-time data replication methods should be
implemented to switch to a secondary replica configured for disaster recovery in case of
an outage of the primary database server.
C. Achieving Readiness:
The gap analysis of the case study in the previous section clearly shows the lapses needed
addressing. Luckily, Me
ilton Bank has the basic infrastructure in place to handle the task
assigned by the Department of Treasury. We will focus on the four data governance elements as
aligned to the Me
ilton environment to plug the loopholes identified during the gap analysis.
1. People:
Data stewards must be assigned, and training provided. If possible, they must achieve
industry wide certification that aligns with their computing environment. For example,
Oracle database administrators must obtain at least Oracle Certified Associate
certification within 60 days from their hire date, if not already certified. They should be
eady to competently resolve any issues that crops up.
Program managers must be hired to coordinate progress and timeliness and to play a
mediator role between the various departments and stakeholders.
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
Data and Information Governance Banking Analysis
An executive sponsor is needed to guarantee sponsorship and funding. Data owners or
stewards must report on progress being made and be ready to communicate value
egularly to the stakeholders to reinforce their acceptance and viability of the data
governance endeavor.
Configuration and compliance manager roles must be established to always enforce
policy compliance.
Security professional must be infused into the setup to monitor and safeguard data
security.
Internal and external auditors must be present in the organizational structure to ensure all
policies are being adhered to per federal guidelines.
Effective Performance by assignees of these roles will guarantee an increase in data
security and access control if all work in coordination to achieve Me
ilton’s goals.
2. Process:
Streamlined, simplified, and well documented processes will go a long way to prevent or
thwart any possible future cyber security
eaches or incidents.
Policies must be in place to safeguard the transmission of PII, PHI and PCIs. For
example, redact all information containing social security numbers and encrypt IP
addresses of critical systems when transmitting externally or over the internet.
Data retention policies must be clearly specified to ensure backups are taken regularly
and restore and recovery procedures are routinely tested and validated.
Me
ilton Bank should incorporate stricter authentication policies, programmed in the
systems to enforce multifactor authentication and strong passwords.
3. Technology:
Scanning technology like ACAS or NESSUS scanning utility must be deployed on all
systems to check for possible vulnerabilities. These scanning utilities provide metrics that
can be measured for compliance.
Implement a federated access control like ACTIVE DIRECTORY accounts to enable a
simplified User Account Control to promptly disable user accounts when separated from
the organization.
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
https:
www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis
Data and Information Governance Banking Analysis
Me
ilton needs to utilize visualization dashboarding applications like Oracle enterprise
manager to monitor operating system resources (CPU, MEMORY, RAM) and provides
the capability of database monitoring of datafiles and tablespace utilization and graphical
database administration and event logging and reporting.
4. Content:
The success or failure of the Small Business Assistance Program entrusted to Me
ilton
Bank will depend on the availability of GOOD QUALITY DATA.
The data in Me
ilton Bank’s databases must be accurate, reliable, and available always.
The magnitude of the SBAP require robust and reliable processes. To guarantee zero
downtime, Me
ilton Bank should utilize disaster recovery applications like Oracle
Dataguard or Goldengate to maintain Active-Active replication to switchover seamlessly
in the event of an unexpected outage.
Data life-cycle policies should be applied to all data banks to maintain up-to-date and
pristine data in their repositories. Archiving strategies should be part of the data life-cycle
policy.
D. Agenda Items:
The following recommendations are selected from the agenda items and are provided for
consideration at Me
ilton’s executives meeting.
ï‚· The need for additional infrastructure to support the new loan program.
ï‚· The criticality of SBAP data and storage modality solutions
ï‚· Disaster recovery consideration of SBAP-related data
ï‚· Applicable laws around the collection and use of SBAP data compliance.
E. Agenda Justification:
ï‚· The need for additional infrastructure to support the new loan program.
Downloaded by mensur shikur ( XXXXXXXXXX)
lOMoARcPSD| XXXXXXXXXX
Data and Information Governance Banking Analysis
The scope and nature of the new loan program requires visibility and strict oversight to
comply with the additional federal regulations that Me
ilton must adhere to. The
implementation of advanced analytical, scanning and monitoring tools will simplify resource
monitoring and administration. The business analytics department may cu
ently have
analytical tools for modeling statistical data but, the database administrators may simplify the
monitoring of the Databases and Operating systems resources with the incorporation of
Enterprise manager Cloud Control application. Oracle management agents can be installed
on all database and Operating system servers and CPU, Memory, RAM, Login/Logout,
Privilege escalation, select queries, inserts on tables and tablespaces, any many more could
e monitored through a single cloud control console or dashboard without writing long
exhaustive scripts.
ï‚· The criticality of SBAP data and storage modality solutions.
The SBAP is designed to mitigate and avert a national economic crisis with a highly
speculated and anticipated positive effect on the rest of the world’s economies. This means,
the government aims to infuse financial aid to businesses that are on the verge of closure to
pump some financial muscle into the economy. Economists and politicians have coined
Austrian politician Von Metternich’s phrase about Paris and Europe with an American
version as, when America sneezes, the rest of the world catches cold which underscores the
dominance of the American economy in global economics.
All that said, the success of the program will rely on data accuracy and confidential access
control. A national program of this magnitude could present a fertile ground for bad actors
who would like to gain unauthorized access and Me
ilton Bank must bear that in mind to
avoid any mishap and secure storage processes to maintain consistency and completeness.
and availability of cu
ent and historical data collected from the applicants. The application
process entails the submission of business EIN, Checking or Savings accounts, employer’s
social security numbers for sole proprietors in some instances, annual business tax