🤖〽️Prompt Engineering: Copilot Unabridged (Part 11: How the Danger of AI on Society Can Be Alleviated)

Prompt Engineering Series

Prompt: "write a blogpost of 600 words on how the danger of AI on society can be alleviated"

Introduction

Artificial Intelligence (AI) is rapidly transforming industries, improving efficiency, and driving innovation. However, as AI becomes more embedded in society, concerns about its risks grow. Issues such as bias, privacy invasion, job displacement, and security threats require proactive solutions. Rather than fearing AI’s expansion, society must focus on responsible development and regulation to alleviate potential dangers.

1. Implementing Ethical AI Frameworks

One of the most critical steps in reducing AI-related risks is the implementation of ethical guidelines. AI should be developed in ways that align with human values, fairness, and inclusivity. Strategies include:

• Bias reduction: Ensuring AI models are trained on diverse and representative datasets to prevent discrimination.
• Explainability: AI decisions must be transparent, allowing users to understand how conclusions are reached.
• Accountability: Companies should audit AI systems regularly to detect ethical violations.

Establishing strong governance structures ensures AI remains a positive force rather than a tool for unchecked automation.

2. Strengthening Data Privacy Regulations

AI depends on vast amounts of data, raising concerns about misuse, surveillance, and privacy violations. Strengthening privacy laws ensures AI operates within ethical boundaries. Governments and organizations can:

• Enforce data protection laws such as GDPR and CCPA to regulate AI-driven data collection.
• Promote secure data storage to prevent breaches and cyberattacks.
• Enhance consumer control over their personal information, allowing users to opt out of unnecessary AI-driven data tracking.

By prioritizing privacy and security, society can ensure AI is used ethically and responsibly.

3. Addressing AI-Driven Job Displacement

Automation powered by AI replaces human labor in various industries, creating concerns about mass unemployment and economic instability. Governments, businesses, and educational institutions must:

• Invest in workforce reskilling to help displaced workers transition to AI-related roles.
• Encourage AI augmentation rather than total automation - allowing AI to assist workers rather than replace them.
• Develop policies that support AI-driven job creation while mitigating mass layoffs.

A balanced approach ensures that AI improves productivity without harming employment opportunities.

4. Regulating AI in Autonomous Systems

AI plays a key role in autonomous vehicles, robotics, and military applications, which can pose serious risks if improperly managed. To minimize dangers:

• Governments must set strict regulations for self-driving technology to prevent accidents.
• AI-powered weaponry should be internationally regulated to prevent autonomous conflicts.
• AI-driven healthcare tools must be monitored by professionals to avoid errors in medical diagnostics.

Regulating AI applications in critical sectors prevents unintended harm to society.

5. Combating AI-Generated Misinformation

AI-driven misinformation - such as deepfakes, AI-generated fake news, and manipulated social media content - can harm democracy and trust in digital spaces. Solutions include:

• Developing AI fact-checking systems to detect and flag misleading information.
• Educating the public on recognizing AI-generated fake content.
• Enforcing platform accountability, requiring tech companies to monitor and moderate AI-driven misinformation.

AI’s potential for deception must be controlled to preserve trust in digital communication.

Conclusion: Shaping AI for a Safe Future

AI holds enormous potential, but without ethical development and responsible policies, it can become a threat rather than a benefit. By implementing fairness guidelines, regulating data usage, addressing job displacement, controlling autonomous AI, and combating misinformation, society can steer AI toward progress rather than chaos.

Disclaimer: The whole text was generated by Copilot at the first attempt. This is just an experiment to evaluate feature's ability to answer standard general questions, independently on whether they are correctly or incorrectly posed. Moreover, the answers may reflect hallucinations and other types of inconsistent or incorrect reasoning.

Previous Post <<||>> Next Post

🏭🗒️Microsoft Fabric: Data Loss Prevention (DLP) in Purview [Notes]

Disclaimer: This is work in progress intended to consolidate information from various sources for learning purposes. For the latest information please consult the documentation (see the links below)! 

Last updated: 10-Jun-2025

[Microsoft Purview] Data Loss Prevention (DLP)

• {def} the practice of protecting sensitive data to reduce the risk from oversharing [2]
• implemented by defining and applying DLP policies [2]
• {benefit} helps to protect sensitive information with policies that automatically detect, monitor, and control the sharing or movement of sensitive data [1]
• administrators can customize rules to block, restrict, or alert when sensitive data is transferred to prevent accidental or malicious data leaks [1]
• {concept} DLP policies
• allow to monitor the activities users take on sensitive items and then take protective actions [2]
• applies to sensitive items 
• at rest
• in transit [2]
• in use [2]
• created and maintained in the Microsoft Purview portal [2]
• {scope} only supported for Power BI semantic models [1]
• {action} show a pop-up policy tip to the user that warns that they might be trying to share a sensitive item inappropriately [2]
• {action} block the sharing and, via a policy tip, allow the user to override the block and capture the users' justification [2]
• {action} block the sharing without the override option [2]
• {action} [data at rest] sensitive items can be locked and moved to a secure quarantine location [2]
• {action} sensitive information won't be displayed 
• e.g. Teams chat
• DLP reports
• provides data from monitoring policy matches and actions, to user activities [2]
• used as basis for tuning policies and triage actions taken on sensitive items [2]
• telemetry uses M365 audit Logs and processed the data for the different reporting tools [2]
• M365 provides with visibility into risky user activities [2]
• scans the audit logs for risky activities and runs them through a correlation engine to find activities that are occurring at a high volume [1]
• no DLP policies are required [2]
• {feature} detects sensitive items by using deep content analysis [2]
• ⇐ not by just a simple text scan [2]
• based on
• keywords matching [2]
• evaluation of regular expressions [2] 
• internal function validation [2]
• secondary data matches that are in proximity to the primary data match [2]
• ML algorithms and other methods to detect content that matches DLP policies
• all DLP monitored activities are recorded to the Microsoft 365 Audit log [2]
• DLP lifecycle
• {phase} plan for DLP
• train and acclimate users to DLP practices on well-planned and tuned policies [2]
• {recommendation} use policy tips to raise awareness with users before changing the policy status from simulation mode to more restrictive modes [2]
• {phase} prepare for DLP
• {phase} deploy policies in production
• {action} define control objectives, and how they apply across workloads [2]
• {action} draft a policy that embodies the objectives
• {action} start with one workload at a time, or across all workloads - there's no impact yet
• {feature} implement policies in simulation mode
• {benefit} allows to evaluate the impact of controls
• the actions defined in a policy aren't applied yet
• {benefit} allows to monitor the outcomes of the policy and fine-tune it so that it meets the control objectives while ensuring it doesn't adversely or inadvertently impacting valid user workflows and productivity [2]
• e.g. adjusting the locations and people/places that are in or out of scope
• e.g. tune the conditions that are used to determine if an item and what is being done with it matches the policy
• e.g. the sensitive information definition/s
• e.g. add new controls
• e.g. add new people
• e.g. add new restricted apps
• e.g. add new restricted sites
• {step} enable the control and tune policies [2]
• policies take effect about an hour after being turned on [2]
• {action} create DLP policy 
• {action} deploy DLP policy 
• DLP alerts 
• alerts generated when a user performs an action that meets the criteria of a DLP policy [2]
• there are incident reports configured to generate alerts [2]
• {limitation} available in the alerts dashboard for 30 days [2]
• DLP posts the alert for investigation in the DLP Alerts dashboard
• {tool} DLP Alerts dashboard 
• allows to view alerts, triage them, set investigation status, and track resolution
• routed to Microsoft Defender portal 
• {limitation} available for six months [2]
• {constraint} administrative unit restricted admins see the DLP alerts for their administrative unit only [2]
• {concept} egress activities (aka exfiltration)
• {def} actions related to exiting or leaving a space, system or network [2]
• {concept}[Microsoft Fabric] policy
• when a DLP policy detects a supported item type containing sensitive information, the actions configured in the policy are triggered [3]
• {feature} Activity explorer
• allows to view Data from DLP for Fabric and Power BI
• for accessing the data, user's account must be a member of any of the following roles or higher [3]
• Compliance administrator
• Security administrator
• Compliance data administrator
• Global Administrator 
• {warning} a highly privileged role that should only be used in scenarios where a lesser privileged role can't be used [3]
• {recommendation} use a role with the fewest permissions [3]
• {warning} DLP evaluation workloads impact capacity consumption [3]
• {action} define policy
• in the data loss prevention section of the Microsoft Purview portal [3]
• allows to specify 
•  conditions 
• e.g. sensitivity labels
•  sensitive info types that should be detected [3]
• [semantic model] evaluated against DLP policies 
• whenever one of the following events occurs:
• publish
• republish
• on-demand refresh
• scheduled refresh
•  the evaluation  doesn't occur if either of the following is true
• the initiator of the event is an account using service principal authentication [3]
• the semantic model owner is a service principal [3]
• [lakehouse] evaluated against DLP policies when the data within a lakehouse undergoes a change
• e.g. getting new data, connecting a new source, adding or updating existing tables, etc. [3]

Previous Post <<||>> Next Post 

References:

[1] Microsoft Learn (2025) Learn about data loss prevention [link]

[2] Microsoft Learn (2024) Purview: Learn about data loss prevention [link]

[3] Microsoft Learn (2025) Get started with Data loss prevention policies for Fabric and Power BI [link]

Resources:

[R1] Microsoft Fabric Updates Blog (2024) Secure Your Data from Day One: Best Practices for Success with Purview Data Loss Prevention (DLP) Policies in Microsoft Fabric [link]
[R2] 

Acronyms:

DLP - Data Loss Prevention
M365 - Microsoft 365

🌌🏭KQL Reloaded: First Steps (Part V: Database Metadata)

When working with a new data repository, one of the first things to do is to look at database's metadata, when available, and try to get a birds eye view of what's available, how big is the databases in terms of size, tables and user-defined objects, how the schema was defined, how the data are stored, eventually how often backup are taken, what users have access and to what, etc. 

So, after creating some queries in KQL and figuring out how things work, I tried to check what metadata are available, how it can be accessed, etc. The target is not to provide a full list of the available metadata, but to understand what information is available, in what format, how easy is to extract the important metadata, etc. 

So, the first set of metadata is related to database:

// get database metadata metadata
.show databases (ContosoSales)

// get database metadata metadata (multiple databases)
.show databases (ContosoSales, Samples)

// get database schema metadata
.show databases (ContosoSales) schema

// get database schema metadata (multiple databases) 
.show databases (ContosoSales, Samples) schema

// get database schema violations metadata
.show database ContosoSales schema violations

// get database entities metadata
.show databases entities with (showObfuscatedStrings=true)
| where DatabaseName == "ContosoSales"

// get database metadata 
.show databases entities with (resolveFunctionsSchema=true)
| where DatabaseName == "ContosoSales" and EntityType == "Table"
//| summarize count () //get the number of tables

// get a function's details
.show databases entities with (resolveFunctionsSchema=true)
| where DatabaseName == "ContosoSales" 
    and EntityType == "Function" 
    and EntityName == "SalesWithParams"

// get external tables metadata
.show external tables

// get materialized views metadata
.show materialized-views

// get query results metadata
.show stored_query_results

// get entities groups metadata
.show entity_groups

Then, it's useful to look at the database objects. 

// get all tables 
.show tables 
//| count

// get tables metadata
.show tables (Customers, NewSales)

// get tables schema
.show table Customers cslschema

// get schema as json
.show table Customers schema as json

// get table size: Customers
Customers
| extend sizeEstimateOfColumn = estimate_data_size(*)
| summarize totalSize_MB=round(sum(sizeEstimateOfColumn)/1024.00/1024.00,2)

Unfortunately, the public environment has restrictions in what concerns the creation of objects, while for the features available one needs to create some objects to query the corresponding metadata.

Furthermore, it would be interesting to understand who has access to the various repositories, what policies were defined, and so on. 

// get principal roles
.show database ContosoSales principal roles

// get principal roles for table
.show table Customers principal roles

// get principal roles for function:
.show function SalesWithParams principal roles

// get retention policies
.show table Customers policy retention

// get sharding policies
.show table Customers policy sharding

There are many more objects one can explore. It makes sense to document the features, respectively the objects used for the various purposes.

In addition, one should check also the best practices available for the data repository (see [2]).

Happy coding!

Previous Post <<||>> Next Post

References:
[1] Microsoft Learn (2024) Management commands overview [link]
[2] Microsoft Learn (2024) Kusto: Best practices for schema management [link]

𖣯Strategic Management: Inflection Points and the Data Mesh (Quote of the Day)

Strategic Management Series

"Data mesh is what comes after an inflection point, shifting our approach, attitude, and technology toward data. Mathematically, an inflection point is a magic moment at which a curve stops bending one way and starts curving in the other direction. It’s a point that the old picture dissolves, giving way to a new one. [...] The impacts affect business agility, the ability to get value from data, and resilience to change. In the center is the inflection point, where we have a choice to make: to continue with our existing approach and, at best, reach a plateau of impact or take the data mesh approach with the promise of reaching new heights." [1]

I tried to understand the "metaphor" behind the quote. As the author through another quote pinpoints, the metaphor is borrowed from Andrew Groove:

"An inflection point occurs where the old strategic picture dissolves and gives way to the new, allowing the business to ascend to new heights. However, if you don’t navigate your way through an inflection point, you go through a peak and after the peak the business declines. [...] Put another way, a strategic inflection point is when the balance of forces shifts from the old structure, from the old ways of doing business and the old ways of competing, to the new." [2]

The second part of the quote clarifies the role of the inflection point - the shift from a structure, respectively organization or system to a new one. The inflection point is not when we take a decision, but when the decision we took, and the impact shifts the balance. If the data mesh comes after the inflection point (see A), then there must be some kind of causality that converges uniquely toward the data mesh, which is questionable, if not illogical. A data mesh eventually makes sense after organizations reached a certain scale and thus is likely improbable to be adopted by small to medium businesses. Even for large organizations the data mesh may not be a viable solution if it doesn't have a proven record of success. 

I could understand if the author would have said that the data mesh will lead to an inflection point after its adoption, as is the case of transformative/disruptive technologies. Unfortunately, the tracking record of BI and Data Analytics projects doesn't give many hopes for such a magical moment to happen. Probably, becoming a data-driven organization could have such an effect, though for many organizations the effects are still far from expectations. 

There's another point to consider. A curve with inflection points can contain up and down concavities (see B) or there can be multiple curves passing through an inflection point (see C) and the continuation can be on any of the curves.

Examples of Inflection Points [3]

The change can be fast or slow (see D), and in the latter it may take a long time for change to be perceived. Also [2] notes that the perception that something changed can happen in stages. Moreover, the inflection point can be only local and doesn't describe the future evolution of the curve, which to say that the curve can change the trajectory shortly after that. It happens in business processes and policy implementations that after a change was made in extremis to alleviate an issue a slight improvement is recognized after which the performance decays sharply. It's the case of situations in which the symptoms and not the root causes were addressed. 

More appropriate to describe the change would be a tipping point, which can be defined as a critical threshold beyond which a system (the organization) reorganizes/changes, often abruptly and/or irreversible.

Previous Post <<||>> Next Post

References:
[1] Zhamak Dehghani (2021) Data Mesh: Delivering Data-Driven Value at Scale (book review)
[2] Andrew S Grove (1988) "Only the Paranoid Survive: How to Exploit the Crisis Points that Challenge Every Company and Career"
[3] SQL Troubles (2024) R Language: Drawing Function Plots (Part II - Basic Curves & Inflection Points) (link)

💼Project Management: Methodologies (Part I: Agile Manifesto Reloaded I - An Introduction)

 

There are so many books written on agile methodologies, each attempting to depict the realities of software development projects. There are many truths considered in them, though they seem to blend in a complex texture in which the writer takes usually the position of a preacher in which the sins of the traditional technologies are contrasted with the agile principles. In extremis everything done in the past seems to be wrong, while the agile methods seem to be a panacea, which is seldom the case.

There are already 20 years since the agile manifesto was published and the methodologies adhering to the respective principles don’t seem to provide the expected success, suffering from the same chronical symptoms of their predecessors - they are poorly understood and implemented, tend to function after hammer’s principle, respectively the software development projects still deliver poor results. Moreover, there are more and more professionals who raise their voice against agile practices.

Frankly, the principles behind the agile manifesto make sense. A project should by definition satisfy stakeholders’ requirements, ideally through regular deliveries that incorporate the needed functionality while gradually seeking to get early feedback from customers, respectively involve the customer through all project’s duration, working together to deliver a feasible product. Moreover, self-organizing teams, face-to-face meetings, constant pace, technical excellence should allow minimizing the waste, respectively maximizing the efficiency in the project. Further aspects like simplicity, good design and architecture should establish a basis for success.

Re-reading the agile manifesto, even if each read pulls from experience more and more pro and cons, the manifesto continues to look like a Christmas wish-list. Even if the represented ideas make sense and satisfy a specific need, they are difficult to achieve in a project’s context and setup. Each wish introduces a constraint that brings with it its own limitations. Unfortunately, each policy introduced by a methodology follows the same pattern, no matter of the methodology considered. Moreover, the wishes cover only a small subset from a project’s texture, are general and let lot of space for interpretation and implementation, though the same can be said about any principles that don’t provide a coherent worldview or a conceptual model.

The software development industry needs a coherent worldview that reflects its assumptions, models, characteristics, laws and challenges. Software Engineering (SE) attempts providing such a worldview though unfortunately is too complex for many and there seem to be a big divide when considered in respect to the worldviews introduced by the various Project Management (PM) methodologies. Studying one or two PM methodologies, learning a few programming languages and even the hand on experience on a few projects won’t fill the gaps in knowledge associated with the SE worldview.

Organizations don’t seem to see the need for professionals of having a formal education in SE. On the other side is expected from employees to have by default some of the skillset required, which is not the case. Besides understanding and implementing a technology there are a set of knowledge areas in which the IT professional must have at least a high-level knowledge if it’s expected from him/her to think critically about the respective areas. Unfortunately, the lack of such knowledge leads sometimes to situations which can impact negatively projects.

Almost each important word from the agile manifesto pulls with it a set of concepts from a SE’ worldview – customer satisfaction, software delivery, working software, requirements management, change management, cooperation, teamwork, trust, motivation, communication, metrics, stakeholders’ management, good design, good architecture, lessons learned, performance management, etc. The manifesto needs to be regarded from a SE’s eyeglasses if one expects value from it.

Previous Post <<||>>  Next Post

🛡️Information Security: Data Leak/Loss Prevention (Definitions)

"Attempts to prevent the loss of confidentiality of sensitive information by limiting the use of confidential information only for authorized purposes." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"A feature that protects data on laptops by enabling file-level authentication and secure erase options in the event that a laptop is lost or stolen." (CommVault, "Documentation 11.20", 2018)

"A set of technologies and inspection techniques used to classify information content contained within an object—such as a file, an email, a packet, an application or a data store - while at rest (in storage), in use (during an operation), or in transit (across a network). DLP tools also have the ability to dynamically apply a policy—such as log, report, classify, relocate, tag, and encrypt - and/or apply enterprise data rights management protections." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Data loss prevention (DLP; also known as data leak prevention) is a computer security term referring to systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, and so on) and with a centralized management framework. Systems are designed to detect and prevent unauthorized use and transmission of confidential information." (Robert F Smallwood, "Information Governance for Healthcare Professionals", 2018)

 "A capability that detects and prevents violations to corporate policies regarding the use, storage, and transmission of sensitive data. Its purpose is to enforce policies to prevent unwanted dissemination of sensitive information." (Forrester)

"A systems ability to identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep packet content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), within a centralized management framework. Data loss prevention capabilities are designed to detect and prevent the unauthorized use and transmission of NSS information." (CNSSI 4009-2015 CNSSI 1011)

"Data loss protection (DLP) describes a set of technologies and inspection techniques used to classify information content contained within an object - such as a file, email, packet, application or data store - while at rest (in storage), in use (during an operation) or in transit (across a network). DLP tools are also have the ability to dynamically apply a policy - such as log, report, classify, relocate, tag and encrypt - and/or apply enterprise data rights management protections." (Gartner)

"Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer." (TechTarget) [source]

"Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network. The term describes software products that help a network administrator control the data that users can transfer." (proofpoint) [source]

🛡️Information Security: Cybersecurity (Definitions)

 "The art of ensuring the existence and continuity of the Information Society of a nation, guaranteeing and protecting, in Cyberspace, its information assets and critical infrastructure." (Claudia Canongia & Raphael Mandarino, "Cybersecurity: The New Challenge of the Information Society", 2012)

"The act of protecting technology, information, and networks from attacks." (Jason Williamson, "Getting a Big Data Job For Dummies", 2015)

"The practice of protecting computers and electronic communication systems as well as the associated information." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"Cybersecurity deals with damage to, unauthorized use of, exploitation of electronic information and communications systems that ensure confidentiality, integrity and availability." (Sanjukta Pookulangara, "Cybersecurity: What Matters to Consumers - An Exploratory Study", 2016)

"Focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction." (Kimberly Lukin, "Russian Cyberwarfare Taxonomy and Cybersecurity Contradictions between Russia and EU", 2016)

"The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)

"The ability to protect against the unauthorized use of electronic data and malicious activity. This electronic data can be personal customer information such as names, addresses, social security numbers, credit cards, and debit cards, to name a few." (Brittany Bullard, "Style and Statistics", 2016)

"A trustworthiness property concerned with the protection of systems from cyberattacks." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Information security (infosec) but broadly referring to technology and human systems that are built around the secure exchange, storage, and management of information." (Shalin Hai-Jew, "Safe Distances: Online and RL Hyper-Personal Relationships as Potential Attack Surfaces", 2018)

"Is defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment, organization, and user assets." (Thokozani I Nzimakwe, "Government's Dynamic Approach to Addressing Challenges of Cybersecurity in South Africa", 2018)

"Protection against criminal access to one’s data and information and against criminal manipulation of computer networks/data/systems." (Shalin Hai-Jew, "Beware!: A Multimodal Analysis of Cautionary Tales in Strategic Cybersecurity Messaging Online", 2018)

"The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyberspace environment and organization and users’ assets." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The organization and collection of resources, processes, and structures used to protect cyberspace from occurrences that misalign de jure from de facto property rights." (Mika Westerlund et al, "A Three-Vector Approach to Blind Spots in Cybersecurity", 2018)

"A computing-based discipline involving technology, people, information, and processes to enable assured operations. It involves the creation, operation, analysis, and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries." (Matt Bishop et al, "Cybersecurity Curricular Guidelines", 2019)

"Acts taken, technologies created and deployed, policies written and enacted, to protect computer systems and networks against misuse, intrusion, and exploitation." (Shalin Hai-Jew, "The Electronic Hive Mind and Cybersecurity: Mass-Scale Human Cognitive Limits to Explain the “Weakest Link” in Cybersecurity", 2019)

"Also known as computer security or IT security, is the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide." (Soraya Sedkaoui, "Big Data Analytics for Entrepreneurial Success", 2019)

"Includes process, procedures, technologies, and controls designed to protect systems, networks, and data." (Sandra Blanke et al, "How Can a Cybersecurity Student Become a Cybersecurity Professional and Succeed in a Cybersecurity Career?", 2019)

"The protection of computer systems from theft and damage to their assets and from manipulation and distraction of their services." (Viacheslav Izosimov & Martin Törngren, "Security Awareness in the Internet of Everything", 2019)

"The protection of internet-connected systems including hardware, software, and data from cyberattacks."  (Semra Birgün & Zeynep Altan, "A Managerial Perspective for the Software Development Process: Achieving Software Product Quality by the Theory of Constraints", 2019)

"Cybersecurity is seen where security alerts and cyber-attacks are becoming more frequent and malicious, these threats include private access attempts and exploitation software or phishing, malware, web application attacks, and network penetration." (Theunis G Pelser & Garth Gaffley, "Implications of Digital Transformation on the Strategy Development Process for Business Leaders", 2020)

"Is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security - both are used by enterprises to protect against unauthorized access to data centers and other computerized systems." (Alexander A Filatov, "Sovereign Bureaucrats vs. Global Tech Companies: Ethical and Regulatory Challenges", 2020)

"It is a general term which describes technologies, processes, methods, and practices for the purpose of protection of internet-connected information systems from attacks, i.e., cyberattacks. Cybersecurity can refer to security of data, software or hardware within information systems." (Ana Gavrovska & Andreja Samčović, "Intelligent Automation Using Machine and Deep Learning in Cybersecurity of Industrial IoT: CCTV Security and DDoS Attack Detection", 2020)

"Cybersecurity is an act to protect data, devices, applications, servers, network from the malicious attack through various tools and techniques. The process also ensures the confidentiality, integrity, availability, and non-repudiation of the content." (Shafali Agarwal, "Preserving Information Security Using Fractal-Based Cryptosystem", 2021)

"Cybersecurity refers to the set of technologies, processes, and practices designed to safeguard networks, devices, programs, and data from attack, threats, or unauthorized access." (Sanjeev Rao et al, "Online Social Networks Misuse, Cyber Crimes, and Counter Mechanisms", 2021)

"It is the organization and collection of resources, processes, and structures used to protect cyberspace from security events." (Carlos A M S Teles et al, "A Black-Box Framework for Malicious Traffic Detection in ICT Environments", Handbook of Research on Cyber Crime and Information Privacy, 2021)

"Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation." (CNSSI 4009-2015)

"The ability to protect or defend the use of cyberspace from cyber attacks." (NISTIR 8170)

"The prevention of damage to, unauthorized use of, exploitation of, and - if needed - the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity and availability of these systems." (NISTIR 8074 Vol. 2)

"The process of protecting information by preventing, detecting, and responding to attacks." (NISTIR 8183)

🛡️Information Security: Security Policy (Definitions)

"The active policy on the client's computer that programmatically generates a granted set of permissions from a set of requested permissions. A security policy consists of several levels that interact; by default only permissions granted by all layers are allowed to be granted." (Damien Watkins et al, "Programming in the .NET Environment", 2002)

"A collection of standards, policies, and procedures created to guarantee the security of a system and ensure auditing and compliance." (Carlos Coronel et al, "Database Systems: Design, Implementation, and Management" 9th Ed, 2011)

"The set of decisions that govern security controls." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (IBM, "Informix Servers 12.1", 2014)

"A written statement describing the constraints or behavior an organization embraces regarding the information provided by its users" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"Strategic tool used to dictate how sensitive information and resources are to be managed and protected." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"Set of rules, guidelines and procedures represented in official security documents that define way in which state will protect its own national security interests." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)

"A set of rules and practices that specify or regulate how a system or an organization provides security services to protect sensitive and critical system resources." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A statement of the rules governing the access to a system’s protected resources." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (Sybase, "Open Server Server-Library/C Reference Manual", 2019)

"A set of criteria for the provision of security services." (CNSSI 4009-2015 NIST)

 "A set of methods for protecting a database from accidental or malicious destruction of data or damage to the database infrastructure." (Oracle)

"Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions 'what' and 'why' without dealing with 'how'. Policies are normally stated in terms that are technology-independent." (NIST SP 800-82 Rev. 2)

🧱IT: Asset (Definitions)

[process asset:] "Anything that the organization considers useful in attaining the goals of a process area." (Sandy Shrum et al, "CMMI: Guidelines for Process Integration and Product Improvement", 2003)

[organizational process assets:] "Artifacts that relate to describing, implementing, and improving processes (e.g., policies, measurements, process descriptions, and process implementation support tools). The term process assets is used to indicate that these artifacts are developed or acquired to meet the business objectives of the organization, and they represent investments by the organization that are expected to provide current and future business value." (Sandy Shrum et al, "CMMI: Guidelines for Process Integration and Product Improvement", 2003)

[process asset:] "Artifacts that relate to describing, implementing, and improving processes (e.g., policies, process descriptions, guidance, examples, aids, checklists, project closeout reports, metrics data, and training materials). The artifacts meet the organization’s business objectives, and represent investments expected to provide current and future business value." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)

[organizational process assets:] "Any or all process-related assets, from any or all of the organizations involved in the project that are or can be used to influence the project's success. These process assets include formal and informal plans, policies, procedures, and guidelines. The process assets also include the organizations’ knowledge bases such as lessons learned and historical information." (Project Management Institute, "Practice Standard for Project Estimating", 2010)

[organizational process assets:] "Any or all process related assets, from any or all of the organizations involved in the project that are or can be used to influence the project's success. These process assets include formal and informal plans, policies, procedures, and guidelines. The process assets also include the organizations' knowledge bases such as lessons learned and historical information." (Cynthia Stackpole, "PMP Certification All-in-One For Dummies", 2011)

[IT assets:] "Tangible deliverables created during the course of an IT project that can be used in other similar projects. Examples include design, software code, or a testing scenario." (Janice M Roehl-Anderson, "IT Best Practices for Financial Managers", 2010)

[organizational process assets:] "Plans, processes, policies, procedures, and knowledge bases specific to and used by the performing organization. " (Project Management Institute, "The Standard for Portfolio Management" 3rd Ed., 2012)

[organizational process assets:] "Plans, processes, policies, procedures, and knowledge bases that are specific to and used by the performing organization." (For Dummies, "PMP Certification All-in-One For Dummie", 2nd Ed., 2013)

[Software assets:] "software tools needed to manipulate the organization's information to accomplish the organization's mission." ( Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (that is, a system component - hardware, firmware, software, or documentation); or a facility that houses system operations and equipment." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Any item that has value to the organisation." (ISO/IEC 27000:2012)

🧱IT: IT Governance (Definitions)

"Framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives." (Alan Calder, "IT Governance: Guidelines for Directors", 2005)

"The processes, policies, relationships, and mechanisms that ensure that information technology delivers business value while balancing risk and investment decisions. IT governance ensures accountability and provides rigor for managing IT capabilities in the context of a larger corporate governance framework." (Evan Levy & Jill Dyché, "Customer Data Integration", 2006)

"Addresses the application of governance to an IT organization and its people, processes, and information to guide the way those assets support the needs of the business. It may be characterized by assigning decision rights and measures to processes." (Tilak Mitra et al, "SOA Governance", 2008)

"IT governance is the system and structure for defining policy and monitoring and controlling the policy implementation, and managing and coordinating the procedures and resources aimed at ensuring the efficient and effective execution of services." (Anton Joha & Marijn Janssen, "The Strategic Determinants of Shared Services", 2008)

"The discipline of managing IT as a service to the business, aligning IT objectives with business goals." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"An integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure the enterprise’s IT sustains and extends the organization’s strategies and objectives." (Edephonce N Nfuka & Lazar Rusu, IT Governance in the Public Sector in a Developing Country, 2009)

"(1) Locus of IT decision-making authority (narrow definition). (2) The distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, and the rules and procedures for making and monitoring decisions on strategic IT concerns (comprehensive definition)." (Ryan R Peterson, "Trends in Information Technology Governance", 2009)

"Structure of relationships and processes to direct and control the IT enterprise to achieve IT’s goals by adding value while balancing risk versus return over IT and its processes." (IT Governance Institute, "IT Governance Implementation Guide, Using COBIT and Val IT", 2010)

"The discipline of tracking, managing, and steering an IS/IT landscape. Architectural governance is concerned with change processes (design governance). Operational governance looks at the operational performance of systems against contracted performance levels, the definition of operational performance levels, and the implementation of systems that ensure the effective operation of systems." (David Lyle & John G Schmidt, "Lean Integration", 2010)

"Formally established statements that direct the policies regarding IT alignment with organizational goals and allocation of resources." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

"Supervision monitoring and control of an organization's IT assets." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed, 2011)

"The processes and relationships that lead to reasoned decision making in IT." (Steven Romero, "Eliminating ‘Us and Them’", 2011)

"The function of ensuring that the enterprise's IT activities match and support the organization's strategies and objectives. Governance is very often associated with budgeting, project management, and compliance activities." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed, 2012)

"Controls and process to improve the effectiveness of information technology; also, the primary way that stakeholders can ensure that investments in IT create business value and contribute toward meeting business objectives." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"Processes used to ensure that IT resources are aligned with the goals of the organization. Organizations often use frameworks to help them with IT governance." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"The framework of rules and practices by which an organization structures its technology decision-making process in order to ensure alignment of the organization's business strategy with its operations." (David K Pham, "From Business Strategy to Information Technology Roadmap", 2016)

"Set of methods and techniques for reaching full alignment between business strategy and IT strategy." (Dalia S Vugec, "IT Strategic Grid: A Longitudinal Multiple Case Study", 2019)

"The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals." (Lili Aunimo et al, "Big Data Governance in Agile and Data-Driven Software Development: A Market Entry Case in the Educational Game Industry", 2019)

"The structures, processes, and mechanisms by which the current and future use of ICT is directed and controlled." (Konstantinos Tsilionis & Yves Wautelet, "Aligning Strategic-Driven Governance of Business IT Services With Their Agile Development: A Conceptual Modeling-Based Approach", 2021)

"IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals." (Gartner)

"The system by which the current and future use of IT is directed and controlled, Corporate Governance of IT involves evaluating and directing the use of IT to support the organisation and monitoring this use to achieve plans." (ISO/IEC 38500)

🤝Governance: Guideline (Definitions)

"An indication or outline of policy or conduct. Adherence to guidelines is recommended but is not mandatory." (Tilak Mitra et al, "SOA Governance", 2008)

"A kind of business rule that is suggested, but not enforced." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"An official recommendation or advice that indicates policies, standards, or procedures for how something should be accomplished." (For Dummies, "PMP Certification All-in-One For Dummies, 2nd Ed.", 2013)

"A document that support standards and policies, but is not mandatory." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"Non-enforced suggestions for increasing functioning and performance." (Mike Harwood, "Internet Security: How to Defend Against Attackers on the Web" 2nd Ed., 2015)

"Recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed, 2018)

"A description of a particular way of accomplishing something that is less prescriptive than a procedure." (ISTQB)

"A description that clarifies what should be done and how, to achieve the objectives set out in policies"

(ISO/IEC 13335-1:2004)

🤝Governance: Policy (Definitions)

"A general, usually strategically focused statement, rule, or regulation that describes how a particular activity, operation, or group of operations will be carried out within a company." (Steven Haines, "The Product Manager's Desk Reference", 2008)

"A deliberate plan of action to guide decisions and achieve rationale outcomes." (Tilak Mitra et al, "SOA Governance", 2008)

"Clear and measurable statements of preferred direction and behaviour to condition the decisions made within an organization." (ISO/IEC 38500:2008, 2008)

"The encoding of rules particular to a business domain, its data content, and the application systems designed to operate in this domain on this set of data." (Alex Berson & Lawrence Dubov, "Master Data Management and Data Governance", 2010)

"A rule or principle that guides or constrains the behavior of someone given decision rights. Policies provide guidelines, sometimes set limits, and sometimes enables behavior. Policies guide decision rights, which are generally conditional." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"A structured pattern of actions adopted by an organization such that the organization’s policy can be explained as a set of basic principles that govern the organization’s conduct." (For Dummies, "PMP Certification All-in-One For Dummies, 2nd Ed.", 2013)

"A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. A policy can include some specifics of processes allowed and not allowed." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"The intentions of an organisation as formally expressed by its top management [1]" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"A document that regulates conduct through a general statement of beliefs, goals, and objectives." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A structured pattern of actions adopted by an organization such that the organization's policy can be explained as a set of basic principles that govern the organization's conduct." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide)" 6th Ed., 2017)

"A high-level overall plan, containing a set of principles that embrace the general goals of the organization and are used as a basis for decisions. Can include some specifics of processes allowed and not allowed." (Robert F Smallwood, "Information Governance for Healthcare Professionals", 2018)

"A statement of objectives, rules, practices or regulations governing the activities of people within a certain context." (NISTIR 4734)

"Statements, rules, or assertions that specify the correct or expected behavior of an entity." (NIST SP 1800-15B)

🔬Data Science: Simulation Model (Definitions)

"A 'what-if' model that attempts to simulate the effects of alternative management policies and assumptions about the firm's external environment. It is basically a tool for management's laboratory." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"Simulation models are formal representations of a portion of reality. Simulation models allow managers to share and test assumptions about problem causes and solutions." (Luis F Luna-Reyes, "System Dynamics to Understand Public Information Technology", 2008)

"A simplified, computer, simulation-based construction (model) of some real world phenomenon (or the problem task)." (Hassan Qudrat-Ullah, "System Dynamics Based Technology for Decision Support", 2009)

"A model that shows the expected operation of a system based solely on the model." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"An analytical technique that often involves running models repeatedly using a variety of inputs to determine the upper and lower bounds of possible outcomes. This simulation process is also sometimes used to identify the likely distribution of outputs given a series of assumptions around how the inputs are distributed." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

"A representation of a system that can be used to mimic the processes of the system under varying circumstances. It is usually operated subject to stochastic disturbances." (Özgür Yalçınkaya, "A General Simulation Modelling Framework for Train Timetabling Problem", 2016)

"A model that represents an actual procedure over time." (Rania Tegou, "Excess Inventories and Stock Out Events Through Advanced Demand Analysis and Emergency Deliveries",  2018)

"technique that created a detailed model to predict the behavior of CI/service" (ITIL)

⛏️Data Management: Data Governance (Definitions)

"The infrastructure, resources, and processes involved in managing data as a corporate asset." (Jill Dyché & Evan Levy, "Customer Data Integration", 2006)

"A process focused on managing the quality, consistency, usability, security, and availability of information." (Alex Berson & Lawrence Dubov, "Master Data Management and Customer Data Integration for a Global Enterprise", 2007)

"The practice of organizing and implementing policies, procedures, and standards for the effective use of an organization's structured or unstructured information assets." (Laura Reeves, "A Manager's Guide to Data Warehousing", 2009)

"The process for addressing how data enters the organization, who is accountable for it, and how - using people, processes, and technologies - data achieves a quality standard that allows for complete transparency within an organization." (Tony Fisher, "The Data Asset", 2009)

"A framework of processes aimed at defining and managing the quality, consistency, usability, security, and availability of information with the primary focus on cross-functional, cross-departmental, and/or cross-divisional concerns of information management." (Alex Berson & Lawrence Dubov, "Master Data Management and Data Governance", 2010)

"The policies and processes that continually work to improve and ensure the availability, accessibility, quality, consistency, auditability, and security of data in a company or institution." (David Lyle & John G Schmidt, "Lean Integration", 2010)

"The exercise of authority, control, and shared decision-making (planning, monitoring, and enforcement) over the management of data assets." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Data governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of data and information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of data and information in enabling an organization to achieve its goals." (Oracle, "Enterprise Information Management: Best Practices in Data Governance", 2011)

"Processes and controls at the data level; a newer, hybrid quality control discipline that includes elements of data quality, data management, information governance policy development, business process improvement, and compliance and risk management."(Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"The process for addressing how data enters the organization, who is accountable for it, and how that data achieves the organization's quality standards that allow for complete transparency within an organization." (Jim Davis & Aiman Zeid, "Business Transformation", 2014) 

"A company-wide framework that determines which decisions must be made and who should make them. This includes the definition of roles, responsibilities, obligations and rights in handling the company’s resource data. In this, data governance pursues the goal of maximizing the value of the data in the company. While data governance determines how decisions should be made, data management makes the actual decisions and implements them." (Boris Otto & Hubert Österle, "Corporate Data Quality", 2015)

"The discipline of applying controls to data in order to ensure its integrity over time." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"Data governance refers to the overall management of the availability, usability, integrity and security of the data employed in an enterprise. Sound data governance programs include a governing body or council, a defined set of procedures and a standard operating procedure." (Dennis C Guster, "Scalable Data Warehouse Architecture: A Higher Education Case Study", 2018)

"It is a combination of people, processes and technology that drives high-quality, high-value information. The technology portion of data governance combines data quality, data integration and master data management to ensure that data, processes, and people can be trusted and accountable, and that accurate information flows through the enterprise driving business efficiency." (Richard T Herschel, "Business Intelligence", 2019)

"The processes and technical infrastructure that an organization has in place to ensure data privacy, security, availability, usability, and integrity." (Lili Aunimo et al, "Big Data Governance in Agile and Data-Driven Software Development: A Market Entry Case in the Educational Game Industry", 2019)

"The management of data throughout its entire lifecycle in the company to ensure high data quality. Data Governance uses guidelines to determine which standards are applied in the company and which areas of responsibility should handle the tasks required to achieve high data quality." (Mohammad K Daradkeh, "Enterprise Data Lake Management in Business Intelligence and Analytics: Challenges and Research Gaps in Analytics Practices and Integration", 2021)

"A set of processes that ensures that data assets are formally managed throughout the enterprise. A data governance model establishes authority and management and decision making parameters related to the data produced or managed by the enterprise." (NSA/CSS)

"The management of the availability, usability, integrity and security of the data stored within an enterprise." (Solutions Review)

"The process of defining the rules that data has to follow within an organization." (Talend)

Data governance 2.0: "An agile approach to data governance focused on just enough controls for managing risk, which enables broader and more insightful use of data required by the evolving needs of an expanding business ecosystem." (Forrester)

"Data governance encompasses the strategies and technologies used to ensure data is in compliance with regulations and organization policies with respect to data usage." (Adobe)

"Data governance encompasses the strategies and technologies used to make sure business data stays in compliance with regulations and corporate policies." (Informatica) [source]

"Data Governance includes the people, processes and technologies needed to manage and protect the company’s data assets in order to guarantee generally understandable, correct, complete, trustworthy, secure and discoverable corporate data." (BI Survey) [source]

"Data governance is a control that ensures that data entry by a business user or an automated process meets business standards. It manages a variety of things including availability, usability, accuracy, integrity, consistency, completeness, and security of data usage. Through data governance, organizations are able to exercise positive control over the processes and methods to handle data." (Logi Analytics) [source]

"Data governance is a structure put in place allowing organisations to proactively manage data quality." (experian) [source]

"Data governance is an organization's internal policy framework that determines the way people make data management decisions. All aspects of data management must be carried out in accordance with the organization's governance policies." (Xplenty) [source]

"Data Governance is the exercise of decision-making and authority for data-related matters." (The Data Governance Institute)

"Data Governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods." (The Data Governance Institute)

"Data governance is the practice of organizing and implementing policies, procedures and standards for the effective use of an organization's structured/unstructured information assets." (Information Management)

"Data governance is the specification of decision rights and an accountability framework to ensure the appropriate behavior in the valuation, creation, consumption and control of data and analytics." (Gartner)

"The exercise of authority, control and shared decision making (planning, monitoring and enforcement) over the management of data assets. It refers to the overall management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound data governance program includes a governing body or council, a defined set of procedures, and a plan to execute those procedures." (CODATA)

⛏️Data Management: Data Quality Management [DQM] (Definitions)

[Total Data Quality Management:] "An approach that manages data proactively as the outcome of a process, a valuable asset rather than the traditional view of data as an incidental by-product." (Karolyn Kerr, "Improving Data Quality in Health Care", 2009)

"The application of total quality management concepts and practices to improve data and information quality, including setting data quality policies and guidelines, data quality measurement (including data quality auditing and certification), data quality analysis, data cleansing and correction, data quality process improvement, and data quality education." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Data Quality Management (DQM) is about employing processes, methods, and technologies to ensure the quality of the data meets specific business requirements." (Mark Allen & Dalton Cervo, "Strategy, Scope, and Approach" [in "Multi-Domain Master Data Management"], 2015)

"DQM is the management of company data in a manner aware of quality. It is a sub-function of data management and analyzes, improves and assures the quality of data in the company. DQM includes all activities, procedures and systems to achieve the data quality required by the business strategy. Among other things, DQM transfers approaches for the management of quality for physical goods to immaterial goods like data." (Boris Otto & Hubert Österle, "Corporate Data Quality", 2015)

"Data quality management (DQM) is a set of practices aimed at improving and maintaining the quality of data across a company’s business units." (altexsoft) [source]

"Data quality management is a set of practices that aim at maintaining a high quality of information. DQM goes all the way from the acquisition of data and the implementation of advanced data processes, to an effective distribution of data. It also requires a managerial oversight of the information you have." (Data Pine) [source]

"Data quality management is a setup process, which is aimed at achieving and maintaining high data quality. Its main stages involve the definition of data quality thresholds and rules, data quality assessment, data quality issues resolution, data monitoring and control." (ScienceSoft) [source]

"Data quality management is the act of ensuring suitable data quality." (Xplenty) [source]

"Data quality management provides a context-specific process for improving the fitness of data that’s used for analysis and decision making. The goal is to create insights into the health of that data using various processes and technologies on increasingly bigger and more complex data sets." (SAS) [source]

"Data quality management (DQM) refers to a business principle that requires a combination of the right people, processes and technologies all with the common goal of improving the measures of data quality that matter most to an enterprise organization." (BMC) [source]

"Put most simply, data quality management is the process of reviewing and updating your customer data to minimize inaccuracies and eliminate redundancies, such as duplicate customer records and duplicate mailings to the same address." (EDQ) [source]

♟️Strategic Management: Policy (Just the Quotes)

"To be guided in one's decisions by the present, and to prefer what is sure to what is uncertain (though more attractive), is an expedient, a narrow rule of policy. Not thus do states nor even individual men make their way to greatness." (Marquis de Vauvenargues, "Reflections and Maxims", cca. 1746)

"An adjustive effort of any kind is preceded by a decision to act or not act along a given line, and the decision is itself preceded by a definition of the situation, that is to say, an interpretation, or point of view, and eventually a policy and a behavior pattern. In this way quick judgments and decisions are made at every point in everyday life. Thus when approached by a man or beast in a lonely spot we first define the situation, make a judgment, as to whether the object is dangerous or harmless, and then decide ('make up our mind') what we are going to do about it." (William I Thomas, "Primitive Behavior", 1937)

"A policy therefore might be likened to strategy, the broad, overall, long term conception which gives direction and purpose to the tactics of immediately daily operations and decisions." (Lawrence K. Frank, "National Policy for the Family", 1948)

"The concern of OR with finding an optimum decision, policy, or design is one of its essential characteristics. It does not seek merely to define a better solution to a problem than the one in use; it seeks the best solution... [It] can be characterized as the application of scientific methods, techniques, and tools to problems involving the operations of systems so as to provide those in control of the operations with optimum solutions to the problems." (C West Churchman et al, "Introduction to Operations Research", 1957)

"[System dynamics] is an approach that should help in important top-management problems [...] The solutions to small problems yield small rewards. Very often the most important problems are but little more difficult to handle than the unimportant. Many [people] predetermine mediocre results by setting initial goals too low. The attitude must be one of enterprise design. The expectation should be for major improvement [...] The attitude that the goal is to explain behavior; which is fairly common in academic circles, is not sufficient. The goal should be to find management policies and organizational structures that lead to greater success." (Jay W Forrester, "Industrial Dynamics", 1961)

"Organization is not neutral in its effect upon policy, and those who hold power do not lightly relinquish is." (Stephan K. Bailey, "Agenda For the Nation", 1968)

"Policy-making, decision-taking, and control: These are the three functions of management that have intellectual content." (Anthony S Beer, "Management Science" , 1968)

"In complex systems cause and effect are often not closely related in either time or space. The structure of a complex system is not a simple feedback loop where one system state dominates the behavior. The complex system has a multiplicity of interacting feedback loops. Its internal rates of flow are controlled by nonlinear relationships. The complex system is of high order, meaning that there are many system states (or levels). It usually contains positive-feedback loops describing growth processes as well as negative, goal-seeking loops. In the complex system the cause of a difficulty may lie far back in time from the symptoms, or in a completely different and remote part of the system. In fact, causes are usually found, not in prior events, but in the structure and policies of the system." (Jay W Forrester, "Urban dynamics", 1969)

"In his search for elegance the management scientist has hindered his ability to participate in solving policy problems. [...] The management scientist must be prepared to forego elegance, to adjust his technique to the problem rather than searching for problems that fit the technique." (Henry Mintzberg, "The Nature of Managerial Work", 1973)

"Given that the structure of an econometric model consists of optimal decision rules of economic agents, and that optimal decision rules vary systematically with changes in the structure of series relevant to the decision maker, it follows that any change in policy will systematically alter the structure of econometric models." (Robert Lucas, 1976)

"Perhaps the fault [for the poor implementation record for models] lies in the origins of managerial model-making - the translation of methods and principles of the physical sciences into wartime operations research. [...] If hypothesis, data, and analysis lead to proof and new knowledge in science, shouldn’t similar processes lead to change in organizations? The answer is obvious-NO! Organizational changes (or decisions or policies) do not instantly pow from evidence, deductive logic, and mathematical optimization." (Edward B Roberts, "Interface", 1977)

"Executive stress is difficult to overstate when there is a conflict among policy restrictions, near-term performance, long-term good of the company, and personal survival." (Bruce Henderson, "Henderson on Corporate Strategy", 1979)

"It is a paradox that the greater the decentralization, the greater the need for both leadership and explicit policies from the top management." (Bruce Henderson, "Henderson on Corporate Strategy", 1979)

"It makes little sense to subject all employees to training programs, to personnel policies, and to supervision designed for one group of employees, and in particular designed, as so many of the policies are, for yesterday's typical entrant into the labor forcethe fifteen or sixteen year old without any experience. More and more we will have to have personnel policies that fit the person rather than bureaucratic convenience or tradition." (Peter F Drucker, "Management in Turbulent Times", 1980)

"One critical source of knowledge is an understanding of how your organization formulates policies." (Dale E Zand, "Information, Organization, and Power", 1981)

"Linear programming is viewed as a revolutionary development giving man the ability to state general objectives and to find, by means of the simplex method, optimal policy decisions for a broad class of practical decision problems of great complexity. In the real world, planning tends to be ad hoc because of the many special-interest groups with their multiple objectives." (George B Dantzig, "Mathematical Programming: The state of the art", 1983)

"The formal structure of a decision problem in any area can be put into four parts: (1) the choice of an objective function denning the relative desirability of different outcomes; (2) specification of the policy alternatives which are available to the agent, or decisionmaker, (3) specification of the model, that is, empirical relations that link the objective function, or the variables that enter into it, with the policy alternatives and possibly other variables; and (4) computational methods for choosing among the policy alternatives that one which performs best as measured by the objective function." (Kenneth Arrow, "The Economics of Information", 1984)

"Every organizational policy solves certain problems and generates others." (Judith M Bardwick, "The Plateauing Trap", 1986)

"A strong corporate culture is the invisible hand that guides how things are done in an organization. The phrase, 'You just can't do that here', is extremely powerful, more so than any written rules or policy manuals." (Andrew S Grove, "One-On-One With Andy Grove", 1987)

"A model for simulating dynamic system behavior requires formal policy descriptions to specify how individual decisions are to be made. Flows of information are continuously converted into decisions and actions. No plea about the inadequacy of our understanding of the decision-making processes can excuse us from estimating decision-making criteria. To omit a decision point is to deny its presence - a mistake of far greater magnitude than any errors in our best estimate of the process." (Jay W Forrester, "Policies, decisions and information sources for modeling", 1994)

"Management is not founded on observation and experiment, but on a drive towards a set of outcomes. These aims are not altogether explicit; at one extreme they may amount to no more than an intention to preserve the status quo, at the other extreme they may embody an obsessional demand for power, profit or prestige. But the scientist's quest for insight, for understanding, for wanting to know what makes the system tick, rarely figures in the manager's motivation. Secondly, and therefore, management is not, even in intention, separable from its own intentions and desires: its policies express them. Thirdly, management is not normally aware of the conventional nature of its intellectual processes and control procedures. It is accustomed to confuse its conventions for recording information with truths-about-the-business, its subjective institutional languages for discussing the business with an objective language of fact and its models of reality with reality itself." (Stanford Beer, "Decision and Control", 1994)

"To attain quality, it is well to begin by establishing the 'vision' for the organization, along with policies and goals. Conversion of goals into results (making quality happen) is then done through managerial processes - sequences of activities that produce the intended results." (Joseph M Juran, "How to think about quality", 1999)

"[...] information feedback about the real world not only alters our decisions within the context of existing frames and decision rules but also feeds back to alter our mental models. As our mental models change we change the structure of our systems, creating different decision rules and new strategies. The same information, processed and interpreted by a different decision rule, now yields a different decision. Altering the structure of our systems then alters their patterns of behavior. The development of systems thinking is a double-loop learning process in which we replace a reductionist, narrow, short-run, static view of the world with a holistic, broad, long-term, dynamic view and then redesign our policies and institutions accordingly." (John D Sterman, "Business dynamics: Systems thinking and modeling for a complex world", 2000)

"To avoid policy resistance and find high leverage policies requires us to expand the boundaries of our mental models so that we become aware of and understand the implications of the feedbacks created by the decisions we make. That is, we must learn about the structure and dynamics of the increasingly complex systems in which we are embedded." (John D Sterman, "Business dynamics: Systems thinking and modeling for a complex world", 2000) 

"The key element of an organization is not a building or a set of policies and procedures; organizations are made up of people and their relationships with one another. An organization exists when people interact with one another to perform essential functions that help attain goals." (Richard Daft, "The Leadership Experience" , 2002)

"Deep change in mental models, or double-loop learning, arises when evidence not only alters our decisions within the context of existing frames, but also feeds back to alter our mental models. As our mental models change, we change the structure of our systems, creating different decision rules and new strategies. The same information, interpreted by a different model, now yields a different decision. Systems thinking is an iterative learning process in which we replace a reductionist, narrow, short-run, static view of the world with a holistic, broad, long-term, dynamic view, reinventing our policies and institutions accordingly." (John D Sterman, "Learning in and about complex systems", Systems Thinking Vol. 3, 2003)

"The kernel of a strategy contains three elements: a diagnosis, a guiding policy, and coherent action." (Richard Rumelt, "Good Strategy/Bad Strategy", 2011)

"Complex systems defy intuitive solutions. Even a third-order, linear differential equation is unsolvable by inspection. Yet, important situations in management, economics, medicine, and social behavior usually lose reality if simplified to less than fifth-order nonlinear dynamic systems. Attempts to deal with nonlinear dynamic systems using ordinary processes of description and debate lead to internal inconsistencies. Underlying assumptions may have been left unclear and contradictory, and mental models are often logically incomplete. Resulting behavior is likely to be contrary to that implied by the assumptions being made about' underlying system structure and governing policies." (Jay W. Forrester, "Modeling for What Purpose?", The Systems Thinker Vol. 24 (2), 2013)

"The work around the complex systems map supported a concentration on causal mechanisms. This enabled poor system responses to be diagnosed as the unanticipated effects of previous policies as well as identification of the drivers of the sector. Understanding the feedback mechanisms in play then allowed experimentation with possible future policies and the creation of a coherent and mutually supporting package of recommendations for change."  (David C Lane et al, "Blending systems thinking approaches for organisational analysis: reviewing child protection", 2015)