Proactive Data Security Approaches and Best Practices

Data security management cannot merely restrict the use of data within the organization, nor merely provide remedies for data leakage or for the regulatory penalties that follow a data security failure. It needs to promote the circulation of data assets within the organization more effectively while avoiding data security incidents as far as possible.

1. Why do we need data security management?

Most enterprise data managers are presumably already aware of why data security management matters. Here is a brief summary of relevant data and opinions:

1. The proportion of types of data leakage (figure)
2. Analysis of the internal and external environment of data threats (figure)
3. The impact of data threats on organizations and CIA (figures)
4. Data security business drivers (figure)
5. Benefits of data security management (figures)
6. Three lines of defense and business value expression (figure)

2. Reactive data security and proactive data security

Reactive data security: The organization prioritizes data security management only when driven by external factors, such as new regulations or the aftermath of a data breach.

Proactive data security: Proactively develop and implement a data security strategy and related policies, rather than waiting for an event to trigger a data security plan. The aim is to secure the value of data for business continuity.

Understanding data (value, location, and access) is key to keeping it safe. Data security means protecting digital data from destructive forces, unwanted manipulation by unauthorized users, and accidental loss.

Proactive data security can help your organization:

• Enable business continuity by avoiding routine business and functional disruptions

• Meet compliance and regulatory requirements to avoid fines, penalties and legal issues

• Protect your reputation and status as a trusted organization and build brand loyalty

• Use accurate, accessible data to gain and maintain a competitive advantage

• Prevent job losses in the organization - this has occurred in nearly one-third of non-compliant companies in previous years

Consider five questions (5W) to establish a proactive data security strategy and roadmap:

1. Who is responsible for data security? Everyone has a responsibility to protect their organization's data!

Every organization has data that needs to be protected, whether it has customers, patients, donors or volunteers. Every transaction or interaction produces data.

If every organization (including yours) has data that needs to be protected, who in the organization is responsible for protecting that data? You are. He is. So is she. Everyone in an organization has a role to play in protecting data.

• Staff

Training in the fundamentals of protecting data is required, as well as an understanding of common phishing attacks, malware, social engineering, and other efforts criminals use to gain insider access to resources and data.

• Corporate leadership

Data must be treated as an asset in order to implement the resources, tools and culture needed to protect it. With collecting data comes responsibility, so protecting it becomes a business imperative.

• IT team

Responsible for leading the organization in proactively implementing and maintaining data security best practices.

2. What data needs to be protected?

Looking at data from a security perspective, the most important distinction to understand is whether the data is structured or unstructured.

3. Where should I start when developing a data security strategy?

These are the main areas that a proactive data security strategy needs to focus on:

Discover data locations: Identify where all of your organization's data is stored, including file servers, database servers, and cloud services. This first step is critical because you can't protect data that you don't know about. This part can be accomplished through interviews with application owners and the use of tools already in the environment, such as network scans, DLP reports, and CASB reports.

Classify data: Identify the content of the discovered data. This process requires cross-functional discussions across the organization. Each department best understands what data it uses and how, so have the departments assist in classifying their own datasets. Data discovery/classification tools can speed up the process by scanning data stores and then reporting on the sensitive information stored there, such as PII, PHI, and PCI data. Classifications work best when they are concise and clear: classifications for public, private, and internal use are easily understood across the enterprise.

Monitor access: Activity monitoring will tell you who and what is accessing your data - users, applications, batches, etc. Monitor/audit access to sensitive information to establish a baseline for normal activity. This baseline is used to create policies around what should be allowed and what should be considered anomalous.

Apply strategy: For data at rest, determine whether files or documents need to be encrypted, how often they should be backed up, and the level of availability needed to meet SLA requirements. Data in motion requires an understanding of who has access to the data and who should have access. This involves understanding the current access of people, processes, and applications through access monitoring, and then removing any unnecessary access. This can also be called a rights review. It includes understanding whether your data can be moved, stored or shared, and then placing the required controls appropriately.

Assess vulnerabilities and fix: Check and re-check your operating systems, database systems, and data stores for vulnerabilities. Patch and configure as needed to keep these systems up to date and secure. Vulnerability assessment is another area that requires automated tools. These tools can be bundled with an access monitoring solution or deployed as a standalone solution.

Revise policies: Based on your data classification and activity monitoring, periodically revisit your policies and update them as needed to ensure that all data use cases are handled correctly. In addition to regularly reviewing plans, keep policies up to date by being alerted when access patterns change or new requirements are implemented.
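
The monitor-access and rights-review steps above can be sketched in a few lines. This is an added example, not part of the original article: the dataset names, principals, grants and access events are constructed, and the seven-day baseline window and the choice to treat unclassified data as private are assumptions.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names). Labels follow the article's
# public / internal / private classification scheme.
CLASSIFICATION = {"hr.salaries": "private", "crm.customers": "private",
                  "wiki.pages": "internal", "web.press": "public"}
# Granted rights per principal, as an access-control export might list them.
GRANTS = {"alice": {"hr.salaries", "wiki.pages"},
          "bob": {"crm.customers", "hr.salaries", "wiki.pages"},
          "etl-batch": {"crm.customers"}}
# Access events (day, principal, dataset); days 1-7 form the baseline window.
EVENTS = [(1, "alice", "hr.salaries"), (2, "alice", "wiki.pages"),
          (2, "bob", "crm.customers"), (3, "etl-batch", "crm.customers"),
          (5, "bob", "wiki.pages"), (6, "alice", "hr.salaries"),
          (8, "bob", "crm.customers"),      # seen in baseline: normal
          (9, "etl-batch", "hr.salaries"),  # never seen, never granted
          (9, "bob", "hr.salaries"),        # granted, but never used before
          (10, "carol", "web.press")]       # unknown principal, public data

def build_baseline(events, last_day):
    """Collect the datasets each principal touched during the baseline window."""
    seen = defaultdict(set)
    for day, who, dataset in events:
        if day <= last_day:
            seen[who].add(dataset)
    return seen

def anomalies(events, baseline, last_day, sensitive=("private",)):
    """Flag post-baseline access to sensitive data that the baseline never showed."""
    flagged = []
    for day, who, dataset in events:
        # Unclassified data is treated as the most restrictive class.
        label = CLASSIFICATION.get(dataset, "private")
        if day > last_day and label in sensitive and dataset not in baseline.get(who, ()):
            granted = dataset in GRANTS.get(who, ())
            flagged.append((day, who, dataset, "first use" if granted else "not granted"))
    return flagged

def unused_grants(baseline):
    """Rights review: grants never exercised in the baseline are removal candidates."""
    return sorted((who, d) for who, datasets in GRANTS.items()
                  for d in datasets - baseline.get(who, set()))

if __name__ == "__main__":
    base = build_baseline(EVENTS, last_day=7)
    for row in anomalies(EVENTS, base, last_day=7):
        print("ANOMALY", row)
    for row in unused_grants(base):
        print("REVIEW", row)
```

The anomaly list feeds alerting policy, while the unused-grant list is the input to the rights review: access that was granted but never exercised during the baseline is a candidate for removal.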

4. When should data security policies be applied?

A proactive approach to data security requires the continuous application of established data security controls and protections. Structured data is rarely static, so a proactive approach is an ongoing process as you continue to use and acquire data. Data security controls need to be applied at each of the following points, so that they are comprehensive and the required protections reach the necessary data:

• At data inception, including developing or implementing new applications, or when data is loaded as a result of a merger or acquisition

• When adding a new datastore

• When implementing new regulations that affect your organization

5. Why do you need to protect data?

Not only is everyone in the organization responsible for protecting data; when a data breach or data loss occurs, everyone in the organization is affected.

3. Ten steps for data security best practices

Data security management can be approached by reviewing five aspects of data (figure).

The following ten steps can be taken as best practices for data security management:

(1) Define sensitive data

The purpose of data security is to protect an organization's sensitive and critical data as it is created, stored, managed and transmitted.

(2) Formulate data security policies

The second task is to organize all cybersecurity mechanisms, activities and controls into a working policy, so that your organization's human and technical resources can efficiently support your data security efforts.


(3) Develop an incident response plan

An incident response plan specifies actions to deal with a cybersecurity incident (data breach, hack, or compromise) and mitigate the consequences in a timely manner. Relevant laws, industry standards, and organizational codes describe incident response requirements. When planning incident response, you need to:

• Define security incidents, their variants, and the severity of their consequences for the organization

• Select those responsible for handling incidents

• Perform security audits, improve plans based on previous incidents, and create an extended list of cases the organization may face

• Develop a rigorous communications plan and a list of authorities that should be notified in the event of an incident

• Create a data recovery plan to ensure that your data and systems can be quickly restored after any possible incident

(4) Ensuring secure data storage

Before implementing other data protection measures, make sure a secure storage policy for data is enforced.

1) Secure storage of physical media containing data

2) Implement storage methods to protect data (backup, encryption, desensitization, confirmed erasure)

3) Manage all storage devices

(5) Granularly restrict access to critical assets

Use physical access controls, implement authentication management, and adopt the principle of least privilege or just-in-time privileged access management.

(6) Continuous monitoring of user activities

Capabilities for user activity monitoring tools may include: automatic notification of suspicious activity, incident signature response, logging user sessions with metadata.

(7) Manage third-party related risks

It is always recommended to monitor what third parties do in all critical systems. Even if you trust your contractor, there is a chance that their systems are vulnerable to hackers.

(8) Pay special attention to privileged users

Closely monitor privileged users as they have elevated privileges to access and change sensitive data of the organization.

(9) Provide data security risk education to all employees

Educate your employees on how to safely handle your company assets and how to recognize malware and external attacks.

Don't forget to offer refresher training with the latest information on the data threat landscape, and create courses for new hires. Educate your staff and trainees on a regular basis.

(10) Deploy dedicated data security software to prevent potential accidents


Origin blog.csdn.net/weixin_39971741/article/details/131209685