Do you use any data loss prevention products as part of your compliance/security program?

The Driver Behind This

Regulated and sensitive information can leave your environment quicker than you realize. Data loss prevention (DLP) systems can prevent this information from leaving your control in unauthorized manners. Whether that’s from an employee copying the information to take it so they can work from home or an adversary that has managed to infiltrate and embed in your environment – we’re talking about the insider threat.  The ability to identify this information leaving your environment is crucial.  This is being driven from a variety of regulatory and contractual requirements and you are on the hook to ensure the information you’ve been entrusted with is protected. It doesn’t matter if you’re talking about the information that has been provided by your customers, shared by your business partners or your own intellectual property – you must protect it.  Being able to detect and respond plays a major role in supporting your claims of conforming with the relevant regulatory drivers, but also in the midst of responding to an incident where you have to know and get to ground truth on what data that you’re accountable for, left your organization.

Continue reading “Do you use any data loss prevention products as part of your compliance/security program?”

What are you doing regarding threat intelligence?

Another Question to Consider: How do you get your actionable cyber threat intelligence?

The Driver Behind This

Understanding the threats you face is the first step (identification) of a Risk Management program and ultimately how the organization manages risks.  The organization’s ability to collect, process and analyze cyber threats goes a long way in protecting the organization and reducing its risk.  

Continue reading “What are you doing regarding threat intelligence?”

What are you doing regarding Identity and Access Management?

Another Question to Consider: What is the central authority that governs your active directory domains?

The Driver Behind This

Identity (and by extension access) is at the center of not only security, but compliance as well.  The way your organization manages users is critical, now more than ever.   The way your organization protects authorized identities, ensures policy compliance, and provisions access to sensitive/regulated data all drives toward the overall organizational risk posture.  

Continue reading “What are you doing regarding Identity and Access Management?”