1/17/2006
09:00 AM

Ten Tips For Protecting Sensitive Enterprise Data

Pending legislation holds companies responsible for data system compromises. How prepared is your organization?

As legislation to provide a national law to protect identity and data moves forward in the U.S. legislature, systems managers will find that they are increasingly being held responsible if a company’s data systems are compromised, according to security experts following legal and technology developments.

“Legislation is creating a new model; people are being held more accountable,” says Toby Weiss, senior vice president and general manager of CA’s security management business.

Weiss and other security experts recommend these top 10 data/identity protection factors for systems managers:

1. Strong controls: Systems managers must have strong security controls. Everyone in the IT department has to be involved. Companies need to protect their financial data and the identities of their customers and their business partners. The role of the systems manager is to protect against any identity theft.

The first step in doing this, several experts agree, is to have company policies and procedures in place. While this will likely come from management above systems managers, they should still have input in the policies and procedures to recommend additional precautions that may not be in the initial rules, according to Scott Laliberte, a director specializing in information security systems for Protiviti, Menlo Park, Calif.

“Systems managers are the custodians of the data within their systems,” Laliberte explains. “They should help business owners translate business policy into controls that will help protect that data.”

2. Define sensitive data: The enterprise policy should also include guidelines for what is and isn’t sensitive information, says Doug Graham, senior consultant for BusinessEdge Solutions, Inc., East Brunswick, N.J. If these guidelines aren’t in the policy or are too vague, the systems administrator should ask for additional definitions.

3. Plan for outages: Another element of best practices is knowing what to do if part of the security system (e.g., a firewall) goes down, Graham adds. “Any data that needs to be protected needs to have a robust method of protecting it. You need to be able to detect [breaches], monitor access and have a response if something goes wrong.”

4. Monitor internal, external developments: Systems managers should take an active role in monitoring trends internally and across different industries for changes in identity/data theft threats, according to several experts. Such knowledge helps systems managers better recognize potential security attacks and the protections that systems should include.

5. Manage access: The actual protection of systems comes down to simple entitlement management, Weiss adds. “The systems manager can easily run a report on who has access to what.”

People within and outside the organization, including systems managers, should only have access to those systems and the information in those systems that they need in order to do their jobs, Weiss says.

While the systems manager may need access to more parts of more systems than most, there should also be a policy of checks and balances so that protection is built in. So two systems managers should check each other or there should be some other type of auditing mechanism, according to Weiss.
