Targeted Controls Key to Effective Security

Introduction

Most organizations have an attack surface that is constantly expanding. Those that have a security policy aimed only at preventing intruders at the perimeter are doomed to failure. The highest levels of security should be applied only to the most valuable data; this will increase the robustness of that data’s security. This requires a risk-based approach to cybersecurity. There also needs to be a strategy for when (not if) perimeters are breached to mitigate losses.

Global business consultancy Protiviti says that the key to effective information security is targeted controls. Too often, the focus in a business is simply on keeping intruders out. This leads to a lack of any clear vision about what an organization is trying to achieve and is often used in place of any clear, coherent strategy.

Many businesses, writes Warwick Ashford for Computer Weekly, believe that they are powerless in the face of sophisticated, well-resourced cyber attacks. However, if an organization is clear about what information and systems really matter to it, then it is neither difficult nor costly to develop a strategy that focuses security on these particular areas.

The first thing to accept for any business is that it is impossible to protect everything at the highest level all the time. That said, protecting only the most important and valuable data is most definitely achievable. The biggest waste is when security systems are rolled out across an entire enterprise at a huge cost. Often, they are not fully implemented, meaning an inadequate level of protection for everything, instead of a high level of protection for the most important.

This leads to many areas being covered when it is not really necessary to do so, while areas where cover is a big issue are left exposed. Instead, businesses should better understand their risks so that they can properly deploy targeted controls for smaller, well-defined threats.

It can often seem that attackers have the upper hand. After all, they simply need to find one weak point to exploit an ever-expanding attack surface. Businesses can gain control, however, by taking full control of their IT landscape.

Most businesses do not seem to think about how to control attackers once they have breached the perimeter defenses, or how they can stop them from stealing valuable data. A lot needs to happen in the information security world before preparation for data breaches and testing of response capabilities are as embedded in our culture as, say, fire drills are today.

It is highly important for an organization to understand the implications of a breach of data assets to ensure it is able to effectively prioritize its IT defenses. It is easier, and more cost-effective, to apply security systems to particular cases/uses than to provide a general level of protection for everyone all the time.

A good analogy is the state of F1 racing in the 1980s. Being a driver was a dangerous job and small mistakes could lead to huge consequences. It took a few serious accidents to change the way F1 racing operated. It is taking serious data breaches to do the same to information security.

Summary

· Keeping intruders out at the perimeter is impossible

· Organizations should not therefore waste time and money trying to achieve this

· Instead they need a strategy where risk is assessed, with the highest levels of security placed around the most valuable data

· They also need strategies to deal with situations when intruders get in