Perform 7 steps to information protection
              Document created: 18/03/2010 11:17:14




      18/03/2010 11:17:14   Perform 7 steps to information protection   1
Table of Contents

1 Perform 7 steps to information protection
   1.1 Meet Compliancy regulations
   1.2 Maximize Data security
   1.3 Safeguard Intellectual property
   1.1 Assess information Loss & compromise risks
      1.1.1 Determine info protection Strategy approach & priorities
         1.1.1.1 Conduct a Risk assessment and survey
            1.1.1.1.1 Identify which Info should be protected
            1.1.1.1.2 Distinguish Types of confidential information
               1.1.1.1.2.1 Apply Classifications
            1.1.1.1.3 Determine Perceived risks
            1.1.1.1.4 Identify Existing info protection
               1.1.1.1.4.1 Identify Policies
               1.1.1.1.4.2 Identify Procedures
               1.1.1.1.4.3 Identify Practices
            1.1.1.1.5 Identify high risk Business processes
            1.1.1.1.6 Determine awareness of Incidents of info vulnerability
            1.1.1.1.7 Understand the Organizations risk tolerance
            1.1.1.1.8 Understand companies related Priorities & preferences
            1.1.1.1.9 Quantify & qualify the risk of Confidential information loss
         1.1.1.2 Implement software to identify Technical risk
            1.1.1.2.1 Locate Confidential data on network
            1.1.1.2.2 Determine who has Access
            1.1.1.2.3 Demonstrate Internal information flow
            1.1.1.2.4 Collate evidence of Unauthorized info transfer
            1.1.1.2.5 Identify High risk business processes
            1.1.1.2.6 Document At-risk confidential data
            1.1.1.2.7 Quantify Risk of non-compliance
            1.1.1.2.8 Provide a record of Internal / external info flow
   1.2 Identify & classify Confidential information
      1.2.1 Define Confidential information
         1.2.1.1 Use best practices to update Information classifications
         1.2.1.2 Identify Confidential information
         1.2.1.3 Apply Classifications
      1.2.2 Assign Levels of protection
         1.2.2.1 Use Classifications
   1.3 Develop Policies & procedures
      1.3.1 Define Responsibilities for protection
         1.3.1.1 Compare existing Policies to best practices
         1.3.1.2 Develop Policy updates
            1.3.1.2.1 Base them on Best-in-class models
   1.4 Deploy technologies that enable Policy compliance & enforcement
      1.4.1 Review Compliance technology
         1.4.1.1 Compare Technology solutions
            1.4.1.1.1 Assess the Costs
            1.4.1.1.2 Assess the Benefits
      1.4.2 Adopt & deploy Policy compliance technology
         1.4.2.1 Choose technology with Automatic enforcement
   1.5 Communicate & educate a Compliance culture
      1.5.1 Inform people of their Information responsibilities
         1.5.1.1 Draft Key messages
         1.5.1.2 Develop Training
      1.5.2 Motivate Information protection behaviour
         1.5.2.1 Establish an ongoing Communication campaign
   1.6 Integrate practices into Business processes
      1.6.1 Identify Key Processes where info is at risk
      1.6.2 Develop a plan to integrate Info policy into those processes
   1.7 Audit to ensure Stakeholder accountability
      1.7.1 Examine current Practices & remediate deficiencies
         1.7.1.1 Establish Audit parameters & methodology
         1.7.1.2 Conduct Audit
            1.7.1.2.1 Assess Compliance with info policies




1 Perform 7 steps to information protection

[Diagram: "Perform 7 steps to information protection". WHY: Meet Compliancy regulations; Maximize Data security; Safeguard Intellectual property. HOW: Assess information Loss & compromise risks; Identify & classify Confidential information; Develop Policies & procedures; Deploy technologies that enable Policy compliance & enforc...; Communicate & educate a Compliance culture; Integrate practices into Business processes; Audit to ensure Stakeholder accountability.]

From: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_vontu_7_steps_to_information_protection_01-2009.en-us.pdf

"Vulnerability, risk, and information protection challenges

Every organization is at risk of confidential information loss. Billions of dollars worth of
profits, competitive advantage, reputation, and market share are at stake. Today’s
highly competitive business environment intensifies the vulnerability and risk. Global
operations, with outsourced and off-shored business functions, spread the vulnerability.
Tools for accessing and distributing information, such as the Internet and mobile
computing devices, exacerbate the risk.

Information vulnerability and risk come from both malicious and unintentional
disclosures by employees and partners; unintentional disclosures are usually the larger
problem. Reducing these risks and vulnerabilities is now both a business imperative and
a legal mandate as recent regulations impose obligations on organizations to protect
certain types of information.

Global corporations and government organizations require more than network security
and access control to guard their confidential data. They must protect the information
itself, inform the behavior of those carrying the information, have visibility regarding
where their confidential data resides on their network, have influence over where that
data is going, and implement a policy for managing it. A strategy that balances the
organization’s legal and business needs to protect information with the competing
interests to share it is vital.

7 steps to information protection

Information protection strategy best practices involve a cross-functional team that:

1. Assesses risks

2. Identifies and classifies confidential information

3. Develops information protection policies and procedures

4. Deploys technologies that enable policy compliance and enforcement

5. Communicates and educates stakeholders to create a compliance culture

6. Integrates information protection practices into businesses processes

7. Audits so that stakeholders are held accountable."




1.1 Meet Compliancy regulations
[The author has not attached any text yet.]

1.2 Maximize Data security
[The author has not attached any text yet.]

1.3 Safeguard Intellectual property
[The author has not attached any text yet.]

1.1 Assess information Loss & compromise risks

1.1.1 Determine info protection Strategy approach & priorities
[The author has not attached any text yet.]

1.1.1.1 Conduct a Risk assessment and survey
[The author has not attached any text yet.]

1.1.1.1.1 Identify which Info should be protected
[The author has not attached any text yet.]

1.1.1.1.2 Distinguish Types of confidential information
[The author has not attached any text yet.]

1.1.1.1.2.1 Apply Classifications
[The author has not attached any text yet.]

1.1.1.1.3 Determine Perceived risks
[The author has not attached any text yet.]

1.1.1.1.4 Identify Existing info protection
[The author has not attached any text yet.]

1.1.1.1.4.1 Identify Policies
[The author has not attached any text yet.]

1.1.1.1.4.2 Identify Procedures
[The author has not attached any text yet.]

1.1.1.1.4.3 Identify Practices
[The author has not attached any text yet.]

1.1.1.1.5 Identify high risk Business processes
[The author has not attached any text yet.]

1.1.1.1.6 Determine awareness of Incidents of info vulnerability
[The author has not attached any text yet.]

1.1.1.1.7 Understand the Organizations risk tolerance
[The author has not attached any text yet.]

1.1.1.1.8 Understand companies related Priorities & preferences
[The author has not attached any text yet.]

1.1.1.1.9 Quantify & qualify the risk of Confidential information loss
[The author has not attached any text yet.]

1.1.1.2 Implement software to identify Technical risk
[The author has not attached any text yet.]
                                              18/03/2010 11:17:14   Perform 7 steps to information protection      10
1.1.1.2.1 Locate Confidential data on network
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.2 Determine who has Access
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.3 Demonstrate Internal information flow
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.4 Collate evidence of Unauthorized info transfer
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.5 Identify High risk business processes
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.6 Document At-risk confidential data
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.7 Quantify Risk of non-compliance
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]

1.1.1.2.8 Provide a record of Internal / external info flow
WHY: Implement software to identify Technical risk
[The author has not attached any text yet.]




1.2 Identify & classify Confidential information
WHY: Perform 7 steps to information
HOW: Define Confidential information; and Assign Levels of protection
[The author has not attached any text yet.]

1.2.1 Define Confidential information
WHY: Identify & classify Confidential information
HOW: Use best practices to update Information classifications; and Identify Confidential information; and Apply Classifications
[The author has not attached any text yet.]

1.2.1.1 Use best practices to update Information classifications
WHY: Define Confidential information
[The author has not attached any text yet.]

1.2.1.2 Identify Confidential information
WHY: Define Confidential information
[The author has not attached any text yet.]

1.2.1.3 Apply Classifications
WHY: Define Confidential information
[The author has not attached any text yet.]

1.2.2 Assign Levels of protection
WHY: Identify & classify Confidential information
HOW: Use Classifications
[The author has not attached any text yet.]

1.2.2.1 Use Classifications
WHY: Assign Levels of protection
[The author has not attached any text yet.]




1.3 Develop Policies & procedures
WHY: Perform 7 steps to information
HOW: Define Responsibilities for protection
[The author has not attached any text yet.]

1.3.1 Define Responsibilities for protection
WHY: Develop Policies & procedures
HOW: Compare existing Policies to best practices; and Develop Policy updates
[The author has not attached any text yet.]

1.3.1.1 Compare existing Policies to best practices
WHY: Define Responsibilities for protection
[The author has not attached any text yet.]

1.3.1.2 Develop Policy updates
WHY: Define Responsibilities for protection
HOW: Base them on Best-in-class models
[The author has not attached any text yet.]

1.3.1.2.1 Base them on Best-in-class models
WHY: Develop Policy updates
[The author has not attached any text yet.]




1.4 Deploy technologies that enable Policy compliance & enforcement
WHY: Perform 7 steps to information
HOW: Review Compliance technology; and Adopt & deploy Policy compliance technology
[The author has not attached any text yet.]

1.4.1 Review Compliance technology
WHY: Deploy technologies that enable Policy compliance & enforc...
HOW: Compare Technology solutions
[The author has not attached any text yet.]

1.4.1.1 Compare Technology solutions
WHY: Review Compliance technology
HOW: Assess the Costs; and Assess the Benefits
[The author has not attached any text yet.]

1.4.1.1.1 Assess the Costs
WHY: Compare Technology solutions
[The author has not attached any text yet.]

1.4.1.1.2 Assess the Benefits
WHY: Compare Technology solutions
[The author has not attached any text yet.]

1.4.2 Adopt & deploy Policy compliance technology
WHY: Deploy technologies that enable Policy compliance & enforc...
HOW: Choose technology with Automatic enforcement
[The author has not attached any text yet.]

1.4.2.1 Choose technology with Automatic enforcement
WHY: Adopt & deploy Policy compliance technology
[The author has not attached any text yet.]




1.5 Communicate & educate a Compliance culture
WHY: Perform 7 steps to information
HOW: Inform people of their Information responsibilities; and Motivate Information protection behav...
[The author has not attached any text yet.]

1.5.1 Inform people of their Information responsibilities
WHY: Communicate & educate a Compliance culture
HOW: Draft Key messages; and Develop Training
[The author has not attached any text yet.]

1.5.1.1 Draft Key messages
WHY: Inform people of their Information responsibilities
[The author has not attached any text yet.]

1.5.1.2 Develop Training
WHY: Inform people of their Information responsibilities
[The author has not attached any text yet.]

1.5.2 Motivate Information protection behaviour
WHY: Communicate & educate a Compliance culture
HOW: Establish an ongoing Communication campaign
[The author has not attached any text yet.]

1.5.2.1 Establish an ongoing Communication campaign
WHY: Motivate Information protection behav...
[The author has not attached any text yet.]




1.6 Integrate practices into Business processes
WHY: Perform 7 steps to information
HOW: Identify Key Processes where info is at risk; and Develop a plan to integrate Info policy into those processes
[The author has not attached any text yet.]

1.6.1 Identify Key Processes where info is at risk
WHY: Integrate practices into Business processes
[The author has not attached any text yet.]

1.6.2 Develop a plan to integrate Info policy into those processes
WHY: Integrate practices into Business processes
[The author has not attached any text yet.]




1.7 Audit to ensure Stakeholder accountability
WHY: Perform 7 steps to information
HOW: Examine current Practices & remediate defici...
[The author has not attached any text yet.]

1.7.1 Examine current Practices & remediate deficiencies
WHY: Audit to ensure Stakeholder accountability
HOW: Establish Audit parameters & methodo...; and Conduct Audit
[The author has not attached any text yet.]

1.7.1.1 Establish Audit parameters & methodology
WHY: Examine current Practices & remediate defici...
[The author has not attached any text yet.]

1.7.1.2 Conduct Audit
WHY: Examine current Practices & remediate defici...
HOW: Assess Compliance with info policies
[The author has not attached any text yet.]

1.7.1.2.1 Assess Compliance with info policies
WHY: Conduct Audit
[The author has not attached any text yet.]

White Paper: Gigya's Information Security and Data Privacy Practices
 
Privacy and Tracking in a Post-Cookie World
Privacy and Tracking in a Post-Cookie WorldPrivacy and Tracking in a Post-Cookie World
Privacy and Tracking in a Post-Cookie World
 
Adobe Audience Manager Readiness Playbook
Adobe Audience Manager Readiness PlaybookAdobe Audience Manager Readiness Playbook
Adobe Audience Manager Readiness Playbook
 
SPi Global Services Overview
SPi Global Services OverviewSPi Global Services Overview
SPi Global Services Overview
 
The Analytics Revolution 2011: Optimizing Reporting and Analytics to Make A...
The Analytics Revolution 2011:  Optimizing Reporting and Analytics to  Make A...The Analytics Revolution 2011:  Optimizing Reporting and Analytics to  Make A...
The Analytics Revolution 2011: Optimizing Reporting and Analytics to Make A...
 
Erm2000
Erm2000Erm2000
Erm2000
 

Último

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Perform 7 Steps To Information Protection

  • 1. Perform 7 steps to information protection Document created: 18/03/2010 11:17:14 18/03/2010 11:17:14 Perform 7 steps to information protection 1
  • 4. 1 Perform 7 steps to information protection
    [Diagram. WHY: Meet Compliancy regulations; Maximize Data security; Safeguard Intellectual property. HOW: Assess information Loss & compromise risks; Identify & classify Confidential information; Develop Policies & procedures; Deploy technologies that enable Policy compliance & enforc...; Communicate & educate a Compliance culture; Integrate practices into Business processes; Audit to ensure Stakeholder accountability]

    From: http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_vontu_7_steps_to_information_protection_01-2009.en-us.pdf

    "Vulnerability, risk, and information protection challenges

    Every organization is at risk of confidential information loss. Billions of dollars worth of profits, competitive advantage, reputation, and market share are at stake. Today’s highly competitive business environment intensifies the vulnerability and risk. Global operations, with outsourced and off-shored business functions, spread the vulnerability. Tools for accessing and distributing information, such as the Internet and mobile computing devices, exacerbate the risk.

    Information vulnerability and risk come from both malicious and unintentional disclosures by employees and partners; unintentional disclosures are usually the larger problem. Reducing these risks and vulnerabilities is now both a business imperative and a legal mandate as recent regulations impose obligations on organizations to protect certain types of information.

    Global corporations and government organizations require more than network security and access control to guard their confidential data. They must protect the information itself, inform the behavior of those carrying the information, have visibility regarding where their confidential data resides on their network, have influence over where that data is going, and implement a policy for managing it. A strategy that balances the organization’s legal and business needs to protect information with the competing interests to share it is vital.

    7 steps to information protection

    Information protection strategy best practices involve a cross-functional team that:
    1. Assesses risks
    2. Identifies and classifies confidential information
    3. Develops information protection policies and procedures
    4. Deploys technologies that enable policy compliance and enforcement
    5. Communicates and educates stakeholders to create a compliance culture
    6. Integrates information protection practices into businesses processes
    7. Audits so that stakeholders are held accountable."
  • 5. 1.1 Meet Compliancy regulations
    [Diagram. HOW: Perform 7 steps to information]
    [The author has not attached any text yet.]

    1.2 Maximize Data security
    [Diagram. HOW: Perform 7 steps to information]
    [The author has not attached any text yet.]

    1.3 Safeguard Intellectual property
    [Diagram. HOW: Perform 7 steps to information]
    [The author has not attached any text yet.]

    1.1 Assess information Loss & compromise risks
    [Diagram. WHY: Perform 7 steps to information. HOW: Determine info protection Strategy approach & priorities]

    1.1.1 Determine info protection Strategy approach & priorities
    [The author has not attached any text yet.]
  • 6. [Diagram for 1.1.1. WHY: Assess information Loss & compromise risks. HOW: Conduct a Risk assessment and survey; Implement software to identify Technical risk]

    1.1.1.1 Conduct a Risk assessment and survey
    [Diagram. WHY: Determine info protection Strategy approach & priorities. HOW: Identify which Info should be protected; Distinguish Types of confidential informa...; Determine Perceived risks; Identify Existing info protection; Identify high risk Business processes; Determine awareness of Incidents of info vulnerability; Understand the Organizations risk tolerance; Understand companies related Priorities & preferences; Quantify & qualify the risk of Confidential information loss]
    [The author has not attached any text yet.]
  • 7. 1.1.1.1.1 Identify which Info should be protected
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]

    1.1.1.1.2 Distinguish Types of confidential information
    [Diagram. WHY: Conduct a Risk assessment and survey. HOW: Apply Classifications]
    [The author has not attached any text yet.]

    1.1.1.1.2.1 Apply Classifications
    [Diagram. WHY: Distinguish Types of confidential informa...]
    [The author has not attached any text yet.]

    1.1.1.1.3 Determine Perceived risks
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]

    1.1.1.1.4 Identify Existing info protection
    [The author has not attached any text yet.]
  • 8. [Diagram for 1.1.1.1.4. WHY: Conduct a Risk assessment and survey. HOW: Identify Policies; Identify Procedures; Identify Practices]

    1.1.1.1.4.1 Identify Policies
    [Diagram. WHY: Identify Existing info protection]
    [The author has not attached any text yet.]

    1.1.1.1.4.2 Identify Procedures
    [Diagram. WHY: Identify Existing info protection]
    [The author has not attached any text yet.]

    1.1.1.1.4.3 Identify Practices
    [Diagram. WHY: Identify Existing info protection]
    [The author has not attached any text yet.]
  • 9. 1.1.1.1.5 Identify high risk Business processes
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]

    1.1.1.1.6 Determine awareness of Incidents of info vulnerability
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]

    1.1.1.1.7 Understand the Organizations risk tolerance
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]

    1.1.1.1.8 Understand companies related Priorities & preferences
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]
  • 10. 1.1.1.1.9 Quantify & qualify the risk of Confidential information loss
    [Diagram. WHY: Conduct a Risk assessment and survey]
    [The author has not attached any text yet.]

    1.1.1.2 Implement software to identify Technical risk
    [Diagram. WHY: Determine info protection Strategy approach & priorities. HOW: Locate Confidential data on network; Determine who has Access; Demonstrate Internal information flow; Collate evidence of Unauthorized info transfer; Identify High risk business processes; Document At-risk confidential data; Quantify Risk of non-compliance; Provide a record of Internal / external info flow]
    [The author has not attached any text yet.]
  • 11. 1.1.1.2.1 Locate Confidential data on network
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.1.1.2.2 Determine who has Access
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.1.1.2.3 Demonstrate Internal information flow
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.1.1.2.4 Collate evidence of Unauthorized info transfer
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.1.1.2.5 Identify High risk business processes
    [The author has not attached any text yet.]
  • 12. [Diagram for 1.1.1.2.5. WHY: Implement software to identify Technical risk]

    1.1.1.2.6 Document At-risk confidential data
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.1.1.2.7 Quantify Risk of non-compliance
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.1.1.2.8 Provide a record of Internal / external info flow
    [Diagram. WHY: Implement software to identify Technical risk]
    [The author has not attached any text yet.]

    1.2 Identify & classify Confidential information
    [Diagram. WHY: Perform 7 steps to information. HOW: Define Confidential information; Assign Levels of protection]
    [The author has not attached any text yet.]
  • 13. 1.2.1 Define Confidential information
    [Diagram. WHY: Identify & classify Confidential information. HOW: Use best practices to update Information classifications; Identify Confidential information; Apply Classifications]
    [The author has not attached any text yet.]

    1.2.1.1 Use best practices to update Information classifications
    [Diagram. WHY: Define Confidential information]
    [The author has not attached any text yet.]

    1.2.1.2 Identify Confidential information
    [Diagram. WHY: Define Confidential information]
    [The author has not attached any text yet.]

    1.2.1.3 Apply Classifications
    [Diagram. WHY: Define Confidential information]
    [The author has not attached any text yet.]
  • 14. 1.2.2 Assign Levels of protection
    [Diagram. WHY: Identify & classify Confidential information. HOW: Use Classifications]
    [The author has not attached any text yet.]

    1.2.2.1 Use Classifications
    [Diagram. WHY: Assign Levels of protection]
    [The author has not attached any text yet.]

    1.3 Develop Policies & procedures
    [Diagram. WHY: Perform 7 steps to information. HOW: Define Responsibilities for protection]
    [The author has not attached any text yet.]

    1.3.1 Define Responsibilities for protection
    [Diagram. WHY: Develop Policies & procedures. HOW: Compare existing Policies to best practices; Develop Policy updates]
    [The author has not attached any text yet.]

    1.3.1.1 Compare existing Policies to best practices
  • 15. [Diagram for 1.3.1.1. WHY: Define Responsibilities for protection]
    [The author has not attached any text yet.]

    1.3.1.2 Develop Policy updates
    [Diagram. WHY: Define Responsibilities for protection. HOW: Base them on Best-in-class models]
    [The author has not attached any text yet.]

    1.3.1.2.1 Base them on Best-in-class models
    [Diagram. WHY: Develop Policy updates]
    [The author has not attached any text yet.]

    1.4 Deploy technologies that enable Policy compliance & enforcement
    [Diagram. WHY: Perform 7 steps to information. HOW: Review Compliance technology; Adopt & deploy Policy compliance technology]
    [The author has not attached any text yet.]

    1.4.1 Review Compliance technology
    [Diagram. WHY: Deploy technologies that enable Policy compliance & enforc... HOW: Compare Technology solutions]
    [The author has not attached any text yet.]
  • 16. 1.4.1.1 Compare Technology solutions
        1.4.1.1.1 Assess the Costs
        1.4.1.1.2 Assess the Benefits
        1.4.2 Adopt & deploy Policy compliance technology
        1.4.2.1 Choose technology with Automatic enforcement
  • 17. 1.5 Communicate & educate a Compliance culture
        1.5.1 Inform people of their Information responsibilities
        1.5.1.1 Draft Key messages
  • 18. 1.5.1.2 Develop Training
        1.5.2 Motivate Information protection behaviour
        1.5.2.1 Establish an ongoing Communication campaign
        1.6 Integrate practices into Business processes
  • 19. 1.6.1 Identify Key Processes where info is at risk
        1.6.2 Develop a plan to integrate Info policy into those processes
        1.7 Audit to ensure Stakeholder accountability
        1.7.1 Examine current Practices & remediate deficiencies
  • 20. 1.7.1.1 Establish Audit parameters & methodology
        1.7.1.2 Conduct Audit
        1.7.1.2.1 Assess Compliance with info policies