For this assignment, I attached 3 pdf. I want the instructor to use a reference not more than two.
Untitled Studocu is not sponsored or endorsed by any college or university Data Governance Banking Analysis IT Leadership Foundations (Western Governors University) Studocu is not sponsored or endorsed by any college or university Data Governance Banking Analysis IT Leadership Foundations (Western Governors University) Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 https://www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis https://www.studocu.com/en-us/document/western-governors-university/it-leadership-foundations/data-governance-banking-analysis/18315534?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis https://www.studocu.com/en-us/course/western-governors-university/it-leadership-foundations/4982750?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis https://www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis https://www.studocu.com/en-us/document/western-governors-university/it-leadership-foundations/data-governance-banking-analysis/18315534?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis https://www.studocu.com/en-us/course/western-governors-university/it-leadership-foundations/4982750?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis Data and Information Governance Banking Analysis Data Governance Banking Analysis By Richard Baah-Kissi Western Governors University September 24, 2021 Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 https://www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis Data and Information Governance Banking Analysis Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 Data and Information Governance Banking Analysis Data and Information Governance (Banking Analysis) Introduction: The Merrilton Bank like many other financial organizations, have a need for an effective data governance to manage its data as a critical and strategic asset to align their objectives and to effectively meet their goals. It is the responsibility of data analysts and managers to present enterprise-level methods and processes to the organization for data collection, extraction, and relevance, to achieve derivative beneficial outcomes needed for the implementation of effective decision making in their loan approval methods. A. Data Governance Status: Merrilton Banks credit assessment and risk detection models are the organizations valuable data assets which have gone through extensive development and one can be almost certain if urged to guess the reason why the Department of Treasury chose Merrilton Bank, would be that, the statistical scoring models used for automatic loan approval or denial is what garnered the position of trust by the Department of Treasury to nominate Merrilton to administer the Small- Business Assistance Program, however, other lapses are evident in siloed environments as Merrilton’s. We can identify pockets of the four (4) elements of data governance (DG) which appear isolated from each other in terms of the designation and segmentation of responsibilities of the different departments. 1. People: It appears there are data stewards in the various departments managing each department, but overall program Data Owners & Managers are not mentioned to coordinate the integration of data from various sources which is a possible hinderance to an effective agile model development. 2. Process: Merrilton’s current processes are defined in individual departments with no unified organizational or enterprise level data access. Siloed data marts exist within the IT department and other supporting non-IT departments. The individualistic nature of operation leads to adhoc un-coordinated change management processes. Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 https://www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis Data and Information Governance Banking Analysis 3. Technology: The use of data-driven decision tools behind cloud-native mobile application, business analytic and data warehousing components are current as one would expect. 4. Content: The existence of quality training and testing data is evident from the highly centralized data warehouse that the business analytics department utilizes. The non-IT department siloes also provide centralized services but are rarely used in the decision making at the TOP (Enterprise level). B. Gap Analysis: It is necessary to develop a data governance strategy that provides a road map outlining the steps Merrilton should take to access, secure, analyze, and manage its customer data. It is obvious that there is no coordination between various departments due to the absence of effective management oversight and data governance processes to diligently prevent intrusion, protect customer data and maintain compliance. We will analyze the following gaps identified in the Merrilton Bank’s operational environment. 1. People: Data Owners must be appointed in each of the departments to coordinate access control procedures within their respective departments. Assigning data stewards and owners for various types of data is the key to clarity and accountability. They must know where their data resides, how its defined and integrated with other datasets within the enterprise. These personnel must be adequately trained in their roles to maintain the confidentiality and integrity of the data at their disposal and make it readily available when needed. Program managers are needed for such endeavors involving government programs and task orders to coordinate development and operational timelines ensuring cross- functional support among departments is prevalent. Executive sponsors were not mentioned in the Merrilton case study. This role is very crucial in maintaining support and funding for the program. 2. Process: It is necessary to establish internal policies for data use to ensure compliance, protect and preserve data, minimize risk, and enhance data analysis. It comes as a blessing to be Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 Data and Information Governance Banking Analysis recognized by the federal government and awarded contracts to handle its programs however, it comes along with its bout of headaches. Analyzing the case study, Merrilton Bank does not have a compliance department to set and enforce policies required by the federal government. There was no mention of policies on how to handle the following federally mandated policies. Personal Health Information (PHI) Personal Identifiable Information (PII) Personal Credit Information (PCI) Merrilton Bank did not outline a data life-cycle policy framework by any of the departments mentioned in the case study. The shared-security model instituted by cloud providers should prompt Merrilton Bank to consider having a Mobile Computing Policy to regulate what should be stored on the cloud since the organization is developing cloud-native mobile apps. Strategies for Confidential document access controls must be clearly defined for security and compliance. Lastly, no insider threat process was stated to guarantee how customers data access by employees will be monitored to prevent fraudulent data access and usage. For the scope of this project, all processes cannot be enumerated but, at a minimum, the above policies should be embedded into the workflow to maintain compliance and reduce risk. 3. Technology: There are various tools and capabilities to enhance information security. Merrilton’s quest for modernization should move along with utilizing current systems with in-built security features designed to combat modern cyber security threats. Moving forward sometimes means looking rearward. Merrilton should secure funding for new systems and retire legacy systems and business processes that are redundant. Streamline access control by implementing robust steps to grant access to systems. Procedures must be in place to promptly close the systems access loop if an employee separates with the organization. Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 https://www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis Data and Information Governance Banking Analysis Data access technology like shared-file server systems must be made easily accessible and discoverable to provide actionable insights and analysis beyond regulatory compliance through group policies. 4. Content/Data: Merrilton’s data warehousing department did not mention policies and procedures in place to safeguard against data corruption. How will they determine if the data that is being ingested into the data warehouse is good? Data validation and testing must be implemented regularly to ensure the availability of good data and that was not stated in the case study. To ensure timeliness and completeness, changes to codes or terminologies must be communicated to all stakeholders and approved by a change management board. To ensure uninterrupted availability, real-time data replication methods should be implemented to switch to a secondary replica configured for disaster recovery in case of an outage of the primary database server. C. Achieving Readiness: The gap analysis of the case study in the previous section clearly shows the lapses needed addressing. Luckily, Merrilton Bank has the basic infrastructure in place to handle the task assigned by the Department of Treasury. We will focus on the four data governance elements as aligned to the Merrilton environment to plug the loopholes identified during the gap analysis. 1. People: Data stewards must be assigned, and training provided. If possible, they must achieve industry wide certification that aligns with their computing environment. For example, Oracle database administrators must obtain at least Oracle Certified Associate certification within 60 days from their hire date, if not already certified. They should be ready to competently resolve any issues that crops up. Program managers must be hired to coordinate progress and timeliness and to play a mediator role between the various departments and stakeholders. Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 Data and Information Governance Banking Analysis An executive sponsor is needed to guarantee sponsorship and funding. Data owners or stewards must report on progress being made and be ready to communicate value regularly to the stakeholders to reinforce their acceptance and viability of the data governance endeavor. Configuration and compliance manager roles must be established to always enforce policy compliance. Security professional must be infused into the setup to monitor and safeguard data security. Internal and external auditors must be present in the organizational structure to ensure all policies are being adhered to per federal guidelines. Effective Performance by assignees of these roles will guarantee an increase in data security and access control if all work in coordination to achieve Merrilton’s goals. 2. Process: Streamlined, simplified, and well documented processes will go a long way to prevent or thwart any possible future cyber security breaches or incidents. Policies must be in place to safeguard the transmission of PII, PHI and PCIs. For example, redact all information containing social security numbers and encrypt IP addresses of critical systems when transmitting externally or over the internet. Data retention policies must be clearly specified to ensure backups are taken regularly and restore and recovery procedures are routinely tested and validated. Merrilton Bank should incorporate stricter authentication policies, programmed in the systems to enforce multifactor authentication and strong passwords. 3. Technology: Scanning technology like ACAS or NESSUS scanning utility must be deployed on all systems to check for possible vulnerabilities. These scanning utilities provide metrics that can be measured for compliance. Implement a federated access control like ACTIVE DIRECTORY accounts to enable a simplified User Account Control to promptly disable user accounts when separated from the organization. Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 https://www.studocu.com/en-us?utm_campaign=shared-document&utm_source=studocu-document&utm_medium=social_sharing&utm_content=data-governance-banking-analysis Data and Information Governance Banking Analysis Merrilton needs to utilize visualization dashboarding applications like Oracle enterprise manager to monitor operating system resources (CPU, MEMORY, RAM) and provides the capability of database monitoring of datafiles and tablespace utilization and graphical database administration and event logging and reporting. 4. Content: The success or failure of the Small Business Assistance Program entrusted to Merrilton Bank will depend on the availability of GOOD QUALITY DATA. The data in Merrilton Bank’s databases must be accurate, reliable, and available always. The magnitude of the SBAP require robust and reliable processes. To guarantee zero downtime, Merrilton Bank should utilize disaster recovery applications like Oracle Dataguard or Goldengate to maintain Active-Active replication to switchover seamlessly in the event of an unexpected outage. Data life-cycle policies should be applied to all data banks to maintain up-to-date and pristine data in their repositories. Archiving strategies should be part of the data life-cycle policy. D. Agenda Items: The following recommendations are selected from the agenda items and are provided for consideration at Merrilton’s executives meeting. The need for additional infrastructure to support the new loan program. The criticality of SBAP data and storage modality solutions Disaster recovery consideration of SBAP-related data Applicable laws around the collection and use of SBAP data compliance. E. Agenda Justification: The need for additional infrastructure to support the new loan program. Downloaded by mensur shikur (
[email protected]) lOMoARcPSD|15230373 Data and Information Governance Banking Analysis The scope and nature of the new loan program requires visibility and strict oversight to comply with the additional federal regulations that Merrilton must adhere to. The implementation of advanced analytical, scanning and monitoring tools will simplify resource monitoring and administration. The business analytics department may currently have analytical tools for modeling statistical data but, the database administrators may simplify the monitoring of the Databases and Operating systems resources with the incorporation of Enterprise manager Cloud Control application. Oracle management agents can be installed on all database and Operating system servers and CPU, Memory, RAM, Login/Logout, Privilege escalation, select queries, inserts on tables and tablespaces, any many more could be monitored through a single cloud control console or dashboard without writing long exhaustive scripts. The criticality of SBAP data and storage modality solutions. The SBAP is designed to mitigate and avert a national economic crisis with a highly speculated and anticipated positive effect on the rest of the world’s economies. This means, the government aims to infuse financial aid to businesses that are on the verge of closure to pump some financial muscle into the economy. Economists and politicians have coined Austrian politician Von Metternich’s phrase about Paris and Europe with an American version as, when America sneezes, the rest of the world catches cold which underscores the dominance of the American economy in global economics. All that said, the success of the program will rely on data accuracy and confidential access control. A national program of this magnitude could present a fertile ground for bad actors who would like to gain unauthorized access and Merrilton Bank must bear that in mind to avoid any mishap and secure storage processes to maintain consistency and completeness. and availability of current and historical data collected from the applicants. The application process entails the submission of business EIN, Checking or Savings accounts, employer’s social security numbers for sole proprietors in some instances, annual business tax