Archive for April, 2010

Data Lifecycle Management: How to reduce risk (part1)

What is Data Lifecycle Management?

The Data Lifecycle goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. The multiple part blog, (I am not sure how many parts it will take), will walk through the steps of the data lifecycle and what a company can do to implement a good process for all the data management challenges.

Data lifecycle management (DLM) is a policy and procedure based approach to manage information movement. Data has to be classified and evaluated to properly protect it with the right resources. Ownership is a key factor in managing and maintaining data throughout the lifecycle

The 5 Steps

  1. Creation – How does data creation get managed?
  2. Usage – What limitations are on data usage?
  3. Storage – What controls are in place for storage?
  4. Transportation – How is data transmitted between company, customers and business partners?
  5. Destruction – What is the validation and verification process over data destruction?

The Data Management Problem

  • Weak processes in place to track creation usage, transportation, storage and destruction
  • Weak ability to monitor and manage a customer record throughout the lifecycle
  • Inconsistent processes across each phase of data movement
  • Lack of enforcement capabilities

What should be the goal of data lifecycle management?

  • Provide practical steps to manage each step of the customer record management process
  • Provide cost effective solution for risk mitigation
  • Provide framework for data management
  • Reduce risk of data loss

Challenges to Customer Data Records Management

  • Rarely does a company have a centralized process to track controls over data, over management processes around data, over logging and monitoring, and removal
  • Organizations rely on technology to secure data not processes that drive technology purchases
  • The 5 steps of data management are not followed by all functional groups in a company
  • No clear ownership and classification of customer data elements

Did you know…

  • 1 in 400 emails contains confidential information
  • 1 in 50 network files contains confidential data
  • 4 out of 5 companies have lost confidential data when a laptop was lost
  • 1 in 2 USB drives contains confidential information
  • Companies that incur a data breach experience a significant increase in customer turnover—as much as 11%
  • Over 35 states have enacted security breach notification laws
  • Can openers were invented 48 years after cans
Reblog this post [with Zemanta]

What are the features you need a Windows Security Host Diagnostic tool?

Windows 7 is the latest stable Windows operati...
Image via Wikipedia

There is a lot of focus on network security and application security today. Years ago it was operating system security that was all the rage. But with the advent of the strict requirements of some of the regulations such as HIPAA, PCI, SOX, and FISMA, more attention needs to be paid to the operating system. As Windows is still dominant, what are some of the features you need to be concerned with in an application?

Some key feature of a host security assessment tool are: 

  1. Ability to quickly audit
  2. Ability to inventory
  3. Structure for classification of components
  4. Patch management of course
  5. Ability to baseline and report against the baseline
  6. Templates of the regulatory requirements
  7. Templates of different levels of security configurations
  8. Threat identification and classification
  9. User management
  10. Port security assessment and management
  11. Service and process analysis

A baseline configuration for operating system security, cover things such as patch levels, ports, services, processes, logging, policy settings and user configuration, should be the first step for any company in host security assessment and diagnostics. If you build from scratch, or don’t use a secure template, you will always be in trouble. Timely updates and reconfiguration of your baseline is necessary.

Your operating system like your network security should match your corporate business practices and procedures. Policies should be in place for this of course.  Over time you should be able to benchmark your host security problems, solutions and changes.

Gary Bahadur

Address: 200 Se 1st St #601 Miami FL 33131

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test 

Reblog this post [with Zemanta]