Friday, February 27, 2009

As crunch bites, don't neglect the logs

Managing risk, compliance and security are objectives that still need to be achieved even while organizations rush to cut costs.

The insider threat in particular has always been a key challenge for organizations and, with staff being made redundant in droves these days, access rights to sensitive company information must be revoked quickly.

The external threat is getting worse as well, as hackers are increasingly targeting corporate networks for financial gain. In January 2009 security technology vendor McAfee estimated that data theft and breaches cost businesses worldwide approximately US$1 trillion in lost intellectual property and expenditures for cleaning up the damage caused.

All organizations should take note. In an economic downturn, businesses switch focus from acquiring customers to retaining them. Any security breach where data is lost could damage their reputation and cause customers to jump ship.

Failure to adequately protect information and ensure its integrity has not been compromised could also lead to organizations being unable to comply with a growing roster of regulations requiring higher data security standards including: the Payment Card Industry Data Security Standard (PCI DSS); e-discovery requests, which are commonplace in the United States and becoming more so in Europe; and security breach disclosure legislation, which is expected to be enacted in the near future by the European Union.

Because of these factors, protecting data is now one of the top business-driven issues for improving security and managing risk.

In order to prove that security controls are effective and to be able to comply with potential litigation requests, organizations need to put in place an effective system for policing information governance, including the ability to organize, retrieve and analyze information, as well as to report on the effectiveness of controls over information access for audit purposes and for responding to litigation requests such as e-discovery.

This means establishing a system of electronic records management across the organization, covering all data stores and including both structured data, such as databases, and unstructured information, such as e-mail messages and documents. The system must cover the entire lifecycle of electronic records--including when they are generated, backed up and archived--and must ensure the integrity of all records is maintained.

---------------------------------------------
Source: zdnetasia.com
By: Fran Howarth
