Why Read This
Data defense is the fundamental purpose of information security. To defend your data, there are only four levers you can pull — controlling access, inspecting data usage patterns for abuse, disposing of data when the organization no longer needs it, or killing data to devalue it in the event that it is stolen. Policy addresses when and how much to pull the levers. Too often, organizations create data policies without a clear understanding of feasibility and purpose within their business because they themselves are in the dark about their data — from what data they have to where it resides. As a result, many data security policies are ineffective and can even hinder business processes. Data classification via traditional frameworks such as Bell-LaPadula and Biba can be too academic in nature and not enforceable in the modern world of big data and advanced threats. In today's evolving data economy, data identity is the missing link that security and risk (S&R) leaders must define in order to create actionable data security and control policy. We designed this report to help S&R leaders develop effective policies using our Data Security Control And Control Framework as a guideline.
Tags: Data & Information Protection, Data Loss Prevention (DLP), Governance Risk & Compliance (GRC), Identity & Access Management (IAM), Infrastructure Security, Network Access Control (NAC), Network Management, Network Security, Networking, Privacy, Regulations & Legislation