Example of Risk Management: Information Systems

Think of the millions of people who use the Internet. With personal and financial data on the line, data risk management not only reduces the impact of hackers and other malicious acts, but also helps organizations meet regulatory compliance mandates. In today's business climate, the "information systems" at risk are usually computers and servers full of data that needs to be protected.

There are three key areas of data risk management:

Data classification involves identifying which data is sensitive. Classifying data makes it possible to find sensitive items such as credit card numbers, medical records and social security numbers, and an agreed classification scheme makes the work of locating that data much faster.

Many times the systems in place to prevent a data breach are misconfigured or are missing the correct patches. This is where vulnerability assessments come into play: they bring to light where mitigation needs to occur to reduce the risk of a data breach. Most organizations use a database firewall or web application firewall to protect their servers and computers against a breach. Vulnerability assessments can help prioritize mitigation planning based on two factors, data sensitivity and associated risk.
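The two ideas above, classifying stores by the sensitive data they hold and then ranking assessment findings by data sensitivity together with the finding's own severity, fit together naturally. The following is an added example, not code from the original article: it scans constructed sample records for payment card numbers (validated with the Luhn checksum) and social security numbers (validated against number shapes the SSA never issues), labels each store, and then orders constructed scanner findings by severity multiplied by a sensitivity weight. The store names, record text, finding list and weights are all assumptions made up for the example.

```python
import re

# Constructed sample records, standing in for rows pulled from three data stores.
STORES = {
    "crm_db": [
        "Alice Example, alice@example.com, order 4433",
        "card on file 4111 1111 1111 1111 exp 12/29",
    ],
    "hr_share": [
        "employee 12345, SSN 123-45-6789",
        "employee 12346, badge 0042",
    ],
    "wiki": ["Lunch menu: tacos on Tuesday"],
}

# Constructed assessment findings; severity is a 0-10 score as a scanner would report it.
FINDINGS = [
    {"asset": "wiki", "issue": "web server missing security patch", "severity": 9.0},
    {"asset": "crm_db", "issue": "database admin account with default password", "severity": 7.5},
    {"asset": "hr_share", "issue": "file share allows anonymous read", "severity": 6.0},
]

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")    # 13-19 digits with optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")  # AAA-GG-SSSS

# Assumed weights: a high-sensitivity store counts three times a low one.
SENSITIVITY_WEIGHT = {"high": 3, "low": 1}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which every real payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold to one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject shapes the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def classify_record(text: str) -> set:
    """Return the set of sensitive-data labels found in one record."""
    labels = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            labels.add("PAYMENT_CARD")
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            labels.add("SSN")
    return labels


def classify_store(records) -> dict:
    """Union of labels over all records; any sensitive label makes the store 'high'."""
    labels = set()
    for r in records:
        labels |= classify_record(r)
    return {"labels": sorted(labels), "sensitivity": "high" if labels else "low"}


def classify_all(stores) -> dict:
    return {name: classify_store(recs) for name, recs in stores.items()}


def prioritize(findings, classifications):
    """Rank findings by scanner severity x sensitivity of the affected store."""
    ranked = []
    for f in findings:
        level = classifications[f["asset"]]["sensitivity"]
        score = f["severity"] * SENSITIVITY_WEIGHT[level]
        ranked.append((f["asset"], f["issue"], score))
    return sorted(ranked, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    classes = classify_all(STORES)
    for name, c in classes.items():
        print(f"{name:9} sensitivity={c['sensitivity']:4} labels={c['labels']}")
    for asset, issue, score in prioritize(FINDINGS, classes):
        print(f"{score:5.1f}  {asset:9} {issue}")
```

The ordering is the point: the highest-severity finding in the sample sits on the wiki, which holds nothing sensitive, so it ranks below lesser findings on the card and SSN stores. In practice the sensitivity weights and the label list would come from the organization's own classification policy rather than the constants assumed here.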

Sensitive data must be protected even from those within the organization. User rights management is the process of preventing insiders from maliciously accessing sensitive data. This includes auditing user access rights, reducing rights to a need-to-know level, identifying users, and so on. Best practices in this area are set out in standards and regulations such as PCI, HIPAA and SOX.
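An access-rights audit of the kind described above can be expressed as a comparison between what a role needs to know and what its users can actually reach. The following is an added example, not code from the original article: it takes a constructed inventory of which sensitive labels each store holds, a constructed need-to-know policy per role, and constructed user accounts with their grants and last login, then flags grants outside the role's need-to-know and dormant accounts that still hold sensitive access, and computes the reduced grant list that least privilege would leave. All names, roles, dates and the 90-day dormancy threshold are assumptions.

```python
from datetime import date, timedelta

# Constructed inventory: sensitive data labels held by each store.
STORE_LABELS = {
    "crm_db": {"PAYMENT_CARD"},
    "hr_share": {"SSN"},
    "wiki": set(),
}

# Constructed need-to-know policy: labels each role is permitted to access.
ROLE_NEED_TO_KNOW = {
    "billing": {"PAYMENT_CARD"},
    "hr": {"SSN"},
    "engineer": set(),
}

# Constructed accounts with their current grants as (store, permission) pairs.
USERS = {
    "alice": {"role": "billing", "last_login": date(2024, 5, 1),
              "grants": [("crm_db", "read"), ("hr_share", "read")]},
    "bob": {"role": "engineer", "last_login": date(2024, 5, 2),
            "grants": [("wiki", "write"), ("crm_db", "read")]},
    "carol": {"role": "hr", "last_login": date(2023, 11, 1),
              "grants": [("hr_share", "write")]},
}

AS_OF = date(2024, 5, 10)            # fixed audit date so the run is reproducible
DORMANT_AFTER = timedelta(days=90)   # assumed threshold for a dormant account


def audit_user(name, user, as_of=AS_OF):
    """Return (user, store, finding, detail) tuples for one account."""
    findings = []
    allowed = ROLE_NEED_TO_KNOW[user["role"]]
    for store, _perm in user["grants"]:
        excess = STORE_LABELS[store] - allowed
        if excess:  # the store holds labels this role has no need to know
            findings.append((name, store, "OUTSIDE_NEED_TO_KNOW", sorted(excess)))
    dormant = as_of - user["last_login"] > DORMANT_AFTER
    holds_sensitive = any(STORE_LABELS[s] for s, _ in user["grants"])
    if dormant and holds_sensitive:
        findings.append((name, None, "DORMANT_WITH_SENSITIVE_ACCESS", []))
    return findings


def audit_all(users, as_of=AS_OF):
    out = []
    for name, u in users.items():
        out.extend(audit_user(name, u, as_of))
    return out


def least_privilege_grants(user):
    """Grants that remain once everything outside the role's need-to-know is removed."""
    allowed = ROLE_NEED_TO_KNOW[user["role"]]
    return [(s, p) for s, p in user["grants"] if not (STORE_LABELS[s] - allowed)]


if __name__ == "__main__":
    for finding in audit_all(USERS):
        print(finding)
    for name, u in USERS.items():
        print(name, "->", least_privilege_grants(u))
```

Running this flags alice's read access to the HR share and bob's read access to the card database as outside need-to-know, and carol's account as dormant while still holding SSN access. Tying the check to data labels rather than to store names is what lets the same audit keep working as classification results change.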