Information is vital for any organization in this world. Information is not only power, but also money. In today's world, stolen data is not only an annoyance, but also a powerful weapon that can be used by the competition or by any malicious user. Information leakage can damage your organization in many ways, such as financial loss, a threat to your brand image or loss of customer confidence.
So how do you know your data is sufficiently protected? Start by asking the right questions. The right questions are those that help you assess what you have. Once you have a clear understanding of what you have, it is easy to start working on how to protect it. So here is a list of questions one should ask.
- What sensitive data do we have? Assess the data you handle, classify it, organize it and separate it from non-critical data.
- Where is our sensitive data located? The first answer might be the production database, but there are other areas as well, such as tape backups, test servers and email archives. Identify them!
- What are the points of access to our sensitive data? Identify the entry points, both physical and logical, to the locations that hold your sensitive data.
- How is each access point protected? Identify the protection mechanisms for the access points.
- Who has access to what data? Many security incidents involve insiders. Access to sensitive data shall be based on a "need to know" criterion.
- How do we track our sensitive data? Logging and auditing the access to and handling of data is crucial. Audit logs are often an effective tracking mechanism; at the same time, audit logs are themselves considered sensitive data.
These questions will enable your organization to assess its data security posture. Once you identify the weaknesses, you can start developing strategies to protect your information.