Think In Layers for Effective Data Security

Dec 1, 2006 12:00 PM



A layered approach is a long-held practice for organizing effective physical security. It's also a strategy that works well for information security.

“A layered approach to data security helps companies eliminate the risks associated with the accidental or malicious disclosure of data through unsecured computers,” says John Livingston, CEO of Absolute Software. This approach, according to Livingston, includes policies and practices that address regulatory compliance law, data protection and computer theft recovery. Absolute Software defines these “layers” for better corporate data protection.

LAYER 1

IDENTIFY AND CONTROL ACCESS TO SENSITIVE INFORMATION. Recognize what types of sensitive data your organization has, identify who needs access to the information and specify different levels of access for individuals and departments.

LAYER 2

CREATE RULES ON HOW INFORMATION IS STORED, ACCESSED AND TRANSPORTED. This will include on- and off-site practices; guidelines for desktops, mobile devices and removable devices; and controls for downloading and remote transmission of information.

LAYER 3

DOCUMENT “COMMON SENSE” GUIDELINES ON LAPTOP USE AND DEVICE SECURITY. Avoid accessing information in public places that may have unsecured wireless networks, such as buses, airports and Internet cafes.

LAYER 4

MANDATE DATA PROTECTION ON ALL REMOTE, MOBILE AND LOCAL DEVICES. Install and use encryption, strong authentication, firewalls and remote data deletion on lost or stolen devices.

LAYER 5

SET RULES FOR DESTROYING AND STORING OLD DATA. Comply with local, state and/or federal security mandates and establish internal initiatives for data storage and audits.

LAYER 6

ESTABLISH MANDATORY COMPLIANCE WITH USER AUTHENTICATION. Validate the identity of users to devices and require re-authentication after specified periods of inactivity.

LAYER 7

DEVELOP PROCEDURES FOR MANAGING CORPORATE DATABASE TRANSACTIONS. Identify when to make only partial information available and monitor all data access for irregularities.

LAYER 8

CREATE A CONTINGENCY PLAN. Identify the resulting damage to the enterprise in the event of a breach and develop protocols to mitigate risk.

LAYER 9

PROTECT ALL MOBILE DEVICES AND NOTEBOOKS. Use asset tracking and recovery software to monitor the location of devices.

LAYER 10

EVALUATE POLICIES, PROCESSES AND TECHNOLOGY ON AN ONGOING BASIS. This helps employees to understand the security plan, as well as roles and responsibilities throughout the organization.

© 2012 Penton Media Inc.
