Abstract:
There is much research and advice around de-identification techniques and data governance. This brings together the practical aspects to propose a simplified business model and framework for informed decision making for the minimisation of data leakage from non-production systems using the topology of data classification, data protection and the requirements of non-production environments.
The simplified model details the influences of legal and regulatory and business requirements on business systems and non-production environments.
The framework identifies six stages, and the interactions required to progress from the legal and regulatory standards applicable to political and geographical areas, through organisational requirements and business system to the purpose of the non-production environment to data treatment and protection, with a demonstration of compliance which occurs throughout each stage of the framework.
A table top exercise following a hypothetical, but realistic, scenario validates the model and framework.
