data security, regulatory and privacy management

Compliance, Security, Data Masking, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT provides expert IT Risk Management, Data Security, Data Privacy, Data Masking and Regulatory Compliance consulting services to companies in the United States and around the world.

business intelligence, operational, analytic and business reporting

Business Intelligence, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT assists you in the development, design and implementation of a data warehouse and business intelligence strategy that ensures a common framework across the enterprise.

Information strategy, gap analysis, tactics, design and implementation

Data Warehouse and Business Intelligence Staffing Solutions, New York, Connecticut, New Jersey, Massachusetts, Rhode Island

GRT is a leader among expert staffing solutions in IT functions associated with Data Security, Business Intelligence and Data Warehouse. We help you meet your information management consulting and staffing needs.

Information Security Based on Risk Not Fear

Some of the most prominent stories in information security over the past few years have involved huge breaches of large corporations; the massive theft of data is seemingly becoming an everyday occurrence. This means we are witnessing a huge change in the once-neglected realm of cybersecurity.

The main problem, writes Keith Lawman for Tripwire, is that most IT security departments have been set up as a reactionary measure. Organizations have reacted to news stories of the latest breach with terror and a feeling of dread that they could be next. Fear of reprisals, termination and exposure focus organizations on preventing what has already happened and, even worse, promote a negative connotation towards data accessibility.

As the personal, financial and professional implications of data breaches have expanded over time, regulatory agencies have been set up to protect this data, and consequences have been laid out for companies that fail to comply. This is all well and good, but simple compliance isn't enough. While compliance measures do remove some of the negativity regarding information security, the unintended consequence is that all too often security is based on compliance measures and not the actual risk. The problem is that the mentality narrows to a simplified focus on access prevention, which is no guarantee of safety.

It is neither 100% feasible to protect every part of the perimeter nor financially possible to do so. The goal is simply to recognize that there is a risk involved. The focus, therefore, should be on identifying and quantifying the financial impacts of any potential breach. A multi-tiered approach is the logical outcome of this realization – where certain risks are offset by a defined identification program rather than by any particular preventative platform.

The barrier to this kind of approach is that an overhaul of the organization's data structure is required to accurately classify and recognize the information held. Not all high-tech exploits can be offset with high-tech solutions. For example, in a number of recent high-profile breaches, access was gained through compromised privileged user accounts.

A good analogy is a typical household. Of course you are going to lock all the perimeter doors and windows. However, this doesn't guarantee that a determined attacker will be prevented from gaining access. You might then install a security system to inform you when a breach occurs and limit the amount of time the 'house' is exposed. Furthermore, you might keep certain valuables locked away in a secure safe hidden inside the house. Even then, an insurance policy is often a good idea to help if all else fails.