Welcome to 2019. The time for New Year’s resolutions. When solution architects promise product marketing managers that in fact, yes, we will write that blog we promised. Yet I digress... 😊
We have corporate New Year’s resolutions at Micro Focus as well. One of them is to help customers and partners build out successful data security practices that proactively respond to cyber security invasions from those wishing to steal our data.
That’s where this blog comes in. Over the coming quarter, we’ll discuss an informal handbook, if you will, for building and managing a data security practice. This post is the introduction to a series delving into questions we receive from customers and partners centered around the data security practice.
First, we’ll “level set” and define some terms. Like what is a data security practice, anyways? And how is it different from other information security practices?
Second, we’ll identify the business value of protecting data. Information security is not free, of course. So given all of the potential ways we could secure our information systems, what is the financial benefit of protecting the data itself? Both the direct cost savings as well as the follow-on fiscal benefits of increased data utilization.
Third, we’ll discuss the concept of the data protection stack. And why data security offers the strongest information security protection. Those of you involved with network security and the importance of the ISO OSI networking stack will feel right at home with this one.
Next, we’ll launch into the “meat” of building a data security practice with a process-oriented approach following the CMU SEI CMM. We’ll introduce the concept of a process-oriented framework and then publish one post for each of the following processes:
- Process I: Identifying critical assets, data, and intellectual property.
- Process II: Evaluating threats against and vulnerabilities of these critical assets.
- Process III: Addressing governance and regulatory requirements.
- Process IV: Developing a prioritized security strategy.
- Process V: Implementing data security throughout the enterprise.
- Process VI: Monitoring effectiveness and incremental improvements.
This framework is based on PCM, Inc’s (a Micro Focus partner) Seven Steps to Data Centric Security. Thanks, PCM! 😊
And for the final blog post, we will summarize key takeaways from implementing a data security practice. Spoiler alert: we end up reusing many existing activities mandated by the organization's compliance requirements.
The most important part of this blog? You! Please post your comments and thoughts on this blog. Let us know about your real-world experience that complements or contradicts the discussion at hand. We take your comments seriously. After all, Rule #2 is to see Rule #1!
 International Standards Organization (ISO) Open Systems Interconnection (OSI).
 Carnegie Mellon University (CMU) Software Engineering Institute (SEI) Capability Maturity Model (CMM).