Data Lifecycle as a Foundation for Building an Enterprise Information Security Policy

Abstract

    In today’s digital landscape, data security is a fundamental concern for organizations, requiring policies that extend beyond traditional technical measures. This study proposes a comprehensive information security framework based on the organizational data lifecycle, ensuring protection throughout the entire data lifecycle, from creation to destruction. By integrating key security principles—confidentiality, integrity, and availability—into each phase, the framework mitigates risks such as unauthorized access, data loss, and regulatory non-compliance. The research employs an analytical approach, drawing on international standards such as ISO/IEC 27001 [1] and NIST SP 800-53 [2], as well as benchmarking tools and case studies. Findings highlight the importance of lifecycle-driven security policies, institutional governance, and adaptive strategies to counter emerging cyber threats. The study offers practical recommendations for policy implementation, contributing to more robust and resilient organizational security practices.