There is more data moving through and across organizations than there ever has been before. Cloud computing, mobile access, social media integration and more have ushered in entirely new commercial possibilities, but each carries unique risk. CIO.com points out that in the wrong hands, the wealth data being generated and consumed can lead to breaches and may become a liability. This means businesses should be adding nuance to their existing data protection policies, governing traditional and novel interactions with the information which matters the most.
One place companies can take a cue from is the U.S. Department of Defense, according to the news source, as an IT professional said it plans to use a system that has the ability to utilize and develop information while denying others the same access.
"This is not a technology problem," Andrew Serwin, CEO and executive director of The Lares Institute, told the CIO.com. "It's an information problem. What I have been advocating to deal with that is a doctrine that started at DoD, which is Information Superiority. At DoD, they want to have command and control of the information domain. In the private sector, that means you want to make superior use of information within the company to reduce cyber risk, increase profit, reduce costs and protect against brand damage."
Serwin said one example from the DoD is at the U.S. Navy, which has taken a leading role in how the military leverages data by using elevated information to strengthen cybersecurity. For the private sector to do this, he said they must engage technical and behavioral modification in how the information they get is created and processed, with the first step being to create a governance structure or committee that includes all areas of the business. This should go a long way toward every department having say in what they want to keep the most safe within a system such as this.
Governance must be consistent
No matter how an agency or company uses a governance system, Government Health IT said an information governance protocol must be consistent all the way around to ensure the safety and security of data. Having a common taxonomy for information that can be shared across a health organization, in the website's example, will likely be effective at keeping all information safe and in the place it should be.
For data security to work as well as it should in a program, this website said businesses need to be constantly asking themselves questions about how each step should be done. The policy should be followed across the board, from low-level employees to the CEO.
Security News from SimplySecurity.com by Trend Micro.