Thursday, January 7, 2016 -
9:00am to 10:30am

Location Details: 

Information Technology Dept.
Room 208V
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:

  • News and Updates
  • Data Usage Agreements
  • Data Architecture Definitions
  • Database Security Best Practices
  • Continued Review of Standards
  • Open Discussion

Meeting Recap:

 
Data Usage Agreements
  • The group discussed the growing importance of Data Usage or Data Sharing Agreements between agencies or between an agency and another entity. There are some in place today but there appears to be many situations where an agreement does not exist and exposes an agency to risk. The Data Architecture team intends to develop some guidance or a template that agencies could use as a starting point.
Data Architecture Definitions
  • Sometimes terms mean different things to different people, so the Data Architecture group is working on creating a list of definitions for the most commonly used terms. Some standards include definitions, but the team feels having all definitions in one document or location would be easier to maintain. Many of the definitions may come from NIST.
Database Security Best Practices
  • In the process of further reviewing the Database Security Best Practices document, the group felt that getting more details about an application’s DB security requirements early on is very helpful and can avoid unexpected infrastructure cost increases. Some of the items could be added to the ITD Hosting Questionnaire and RFP Hosting Attachment, including a question about the minimum level of access on the database required by the vendor or application.
  • The team also intends to develop another document that would be a ‘cheat sheet’ for how to apply database security depending on the classification of the data, and help define the implications of having certain requirements for the application.