Building and Managing a Data Security Practice

Micro Focus Expert
Micro Focus Expert
1 0 2,239

Welcome to 2019. The time for New Year’s resolutions. When solution architects promise product marketing managers that in fact, yes, we will write that blog we promised. Yet I digress... 😊

Building and managing a data security practice2.png

We have corporate New Year’s resolutions at Micro Focus as well. One of them is to help customers and partners build out successful data security practices. That proactively respond to cyber security invasions from those wishing to steal our data.

That’s where this blog comes in. Over the coming quarter, we’ll discuss an informal handbook, if you will, for building and managing a data security practice. This post is the introduction to a series delving into questions we receive from customers and partners centered around the data security practice.

First, we’ll “level set” and define some terms. Like what is a data security practice, anyways? And how is it different from other information security practices?

Second, we’ll identify the business value of protecting data. Information security is not free, of course. So given all of the potential ways we could secure our information systems, what is the financial benefit of protecting the data itself? Both the direct cost savings as well as the follow-on fiscal benefits of increased data utilization.

Third, we’ll discuss the concept of the data protection stack. And why data security offers the strongest information security protection. Those of you involved with network security and the importance of the ISO OSI[1] networking stack will feel right at home with this one.

Next, we’ll launch into the “meat” of building a data security practice with a process-oriented approach following the CMU SEI CMM.[2] We’ll introduce the concept of a process-oriented framework and then publish one post for each of the following processes:

This framework is based on PCM, Inc’s (a Micro Focus partner) Seven Steps to Data Centric Security. Thanks, PCM! 😊

And for the final blog post, we will summarize key takeaways from implementing a data security practice. Spoiler alert: we end up reusing many existing activities mandated by the organization's compliance requirements.

The most important part of this blog? You! Please post your comments and thoughts on this blog. Let us know about your real-world experience that compliments or contradicts the discussion at hand. We take your comments seriously. After all, Rule #2 is to see Rule #1!


[1] International Standards Organization (ISO) Open Systems Interconnection (OSI).

[2] Carnegie Mellon University (CMU) Software Engineering Institute (SEI) Capability Maturity Model (CMM).

About the Author
Solution architect for the Voltage SecureData product family.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.