Further advice on defining a taxonomy
Published 07 March 2019
Who else is involved?
Different groups in your company may have an interest in Data Catalog, and their needs may differ. Typically, we find that the following groups may be involved: the information security team, database administrators, application developers, the CTO, the CSO, and non-technical people interested in what data is stored within the organization and how it is protected.
What do you ultimately want to achieve?
When defining your taxonomy, it's important to consider your main goals:
- To share information across functions
- To support and evidence technical policy (whether formally defined or more pragmatic), such as which columns to mask
- To guide remediation work; where are the priorities for security access reviews?
How do people in your organization want to view the estate?
What questions do you think they’ll ask? Will some want to know:
- ‘Where is the data behind system x or application y?’
- ‘What systems is this data exposed in?’
- ‘Who looks after this database?’
- ‘Which data is externally accessible?’
- ‘Where did this come from?’