Rationale
By definition, fine-grained data lineage on critical data elements provide visibility on how the sensitive data flows throughout the organization from capture or origination to consumption via transformations.
This map reveals the access points on sensitive data. Hence, the IAM function should collaborate with the Data Office function to leverage this valuable information and integrate it into the access rights management process to mitigate the risk of unauthorized access.
Bad Practices
No coordination between the Data Office and IAM functions
No visibility in how sensitive data flows throughout the organization
Implementation Details
Liaise with the Data Office function to coordinate data lineage efforts
Re-use data lineage to gain a holistic view of sensitive data access points
Leverage data lineage to mitigate the risk of unauthorized access to sensitive data
Quotes
AC-2 ACCOUNT MANAGEMENT
Control: The organization:
(…) b. Assigns account managers for information system accounts; (…)
(NIST, 2013, p. F-7)
