1/17/2006
09:00 AM

Ten Tips For Protecting Sensitive Enterprise Data

Pending legislation holds companies responsible for data system compromises. How prepared is your organization?

As legislation to provide a national law to protect identity and data moves forward in the U.S. legislature, systems managers will find that they are increasingly being held responsible if a company’s data systems are compromised, according to security experts following legal and technology developments.

“Legislation is creating a new model; people are being held more accountable,” says Toby Weiss, senior vice president and general manager of CA’s security management business.

Weiss and other security experts recommend these top 10 data/identity protection factors for systems managers:

1. Strong controls: Systems managers must have strong security controls. Everyone in the IT department has to be involved. Companies need to protect their financial data and the identities of their customers and their business partners. The role of the systems manager is to protect against any identity theft.

The first step in doing this, several experts agree, is to have company policies and procedures in place. While this will likely come from management above systems managers, they should still have input in the policies and procedures to recommend additional precautions that may not be in the initial rules, according to Scott Laliberte, a director specializing in information security systems for Protiviti, Menlo Park, Calif.

“Systems managers are the custodians of the data within their systems,” Laliberte explains. “They should help business owners translate business policy into controls that will help protect that data.”

2. Define sensitive data: The enterprise policy should also include guidelines for what is and isn’t sensitive information, says Doug Graham, senior consultant for BusinessEdge Solutions, Inc., East Brunswick, N.J. If these guidelines aren’t in the policy or are too vague, the systems administrator should ask for additional definitions.

3. Plan for outages: Another element of best practices is knowing what to do if part of the security system (e.g., a firewall) goes down, Graham adds. “Any data that needs to be protected needs to have a robust method of protecting it. You need to be able to detect [breaches], monitor access and have a response if something goes wrong.”

4. Monitor internal, external developments: Systems managers should take an active role in monitoring trends internally and across different industries for changes in identity/data theft threats, according to several experts. Such knowledge helps systems managers better recognize potential security attacks and the protections that systems should include.

5. Manage access: The actual protection of systems comes down to simple entitlement management, Weiss adds. “The systems manager can easily run a report on who has access to what.”

People within and outside the organization, including systems managers, should only have access to those systems and the information in those systems that they need in order to do their jobs, Weiss says.

While the systems manager may need access to more parts of more systems than most, there should also be a policy of checks and balances so that protection is built in. So two systems managers should check each other or there should be some other type of auditing mechanism, according to Weiss.
