Method and system for controlling access to data

What is claimed is: 1. A method for controlling access to a set of data, the method being implemented by at least one processor, the method comprising: receiving, by the at least one processor via an interface, at least one request from at least one agent to access the set of data in at least one database, wherein the at least one database corresponds to a graph database that includes at least one graph structure for semantic queries with nodes, edges, and properties to represent and store the set of data; extracting, by the at least one processor, at least one access criterion relating to a predefined data access constraint and a predetermined data access policy from the at least one request, wherein the at least one access criterion includes agent identification information and terminal information, the terminal information corresponding to a device that made the at least one request; and determining, by the at least one processor, whether the at least one agent is to be granted access to the set of data using the at least one access criterion, wherein the at least one access criterion is based on at least one attribute that is associated with at least one element within the set of data. 2. The method of claim 1 , further comprising: defining, by the at least one processor, a metamodel for at least one control objective; determining, by the at least one processor, a data framework based on the at least one request; and expressing, by the at least one processor, the metamodel in the determined data framework. 3. The method of claim 2 , wherein the metamodel includes at least one class, the at least one class including at least one from among a policy class, an asset specification class, a party specification class, an action specification class, a rule class, and a constraint class. 4. The method of claim 2 , wherein the at least one control objective includes a rule that defines a desired control outcome for a set of participants. 5. The method of claim 2 , wherein the at least one access criterion is linked to the at least one control objective based on the at least one attribute. 6. The method of claim 1 , wherein the at least one attribute is derived from at least one physical data model relating to a representation of systems that store and manage the set of data. 7. The method of claim 1 , wherein the at least one attribute is derived from at least one logical data model relating to a representation of application-level descriptions of the set of data. 8. The method of claim 1 , wherein the at least one attribute is derived from at least one business taxonomy relating to an enterprise-level classification of the set of data based on the predetermined data access policy, the business taxonomy including application-independent descriptions of the set of data. 9. The method of claim 1 , wherein the at least one attribute is derived from at least one data lineage relating to lifecycle information for the set of data, the lifecycle information including at least one from among origin information for the set of data and movement history information for the set of data. 10. The method of claim 1 , wherein the predetermined data access policy corresponds to at least one from among a business requirement, a regulatory requirement, a customer requirement, and an operational requirement. 11. A computing device configured to implement an execution of a method for controlling access to a set of data, the computing device comprising: a processor; a memory; and a communication interface coupled to each of the processor and the memory, wherein the processor is configured to: receive, via an interface, at least one request from at least one agent to access the set of data in at least one database, wherein the at least one database corresponds to a graph database that includes at least one graph structure for semantic queries with nodes, edges, and properties to represent and store the set of data: extract at least one access criterion relating to a predefined data access constraint and a predetermined data access policy from the at least one request, wherein the at least one access criterion includes agent identification information and terminal information, the terminal information corresponding to a device that made the at least one request; and determine whether the at least one agent is to be granted access to the set of data using the at least one access criterion, wherein the at least one access criterion is based on at least one attribute that is associated with at least one element within the set of data. 12. The computing device of claim 11 , wherein the processor is further configured to: define a metamodel for at least one control objective; determine a data framework based on the at least one request; and express the metamodel in the determined data framework. 13. The computing device of claim 12 , wherein the metamodel includes at least one class, the at least one class including at least one from among a policy class, an asset specification class, a party specification class, an action specification class, a rule class, and a constraint class. 14. The computing device of claim 12 , wherein the at least one control objective includes a rule that defines a desired control outcome for a set of participants. 15. The computing device of claim 12 , wherein the processor is further configured to link the at least one access criterion to the at least one control objective based on the at least one attribute. 16. The computing device of claim 11 , wherein the processor is further configured to derive the at least one attribute from at least one physical data model relating to a representation of systems that store and manage the set of data. 17. The computing device of claim 11 , wherein the processor is further configured to derive the at least one attribute from at least one logical data model relating to a representation of application-level descriptions of the set of data. 18. The computing device of claim 11 , wherein the processor is further configured to derive the at least one attribute from at least one business taxonomy relating to an enterprise-level classification of the set of data based on the predetermined data access policy, the business taxonomy including application-independent descriptions of the set of data. 19. The computing device of claim 11 , wherein the processor is further configured to derive the at least one attribute from at least one data lineage relating to lifecycle information for the set of data, the lifecycle information including at least one from among origin information for the set of data and movement history information for the set of data. 20. The computing device of claim 11 , wherein the predetermined data access policy corresponds to at least one from among a business requirement, a regulatory requirement, a customer requirement, and an operational requirement.