Data is the queen, so understand how to protect your data

How much do you think data is worthy of companies such as Google or Facebook? You might be surprised, according to a Netflix documentary the Great Hack, Data for these companies is worth more than the price of oil! The question is how valuable is your data?

In this modern age of big data and analytics, data is the queen, which should be protected securely. What I have found is before the enforcement of EU GDPR, in the context of personal data most organisations do not know where their data resides (data storage), how much they process (number of records), what type of data they process, which critical business processes that are processing the data, hence the question comes how can you protect your data?

In my view, first, everything starts with architecture, data architecture for this matter will drive everything in regards to people, processes, and technology from the data strategy, data protection strategy, and data breaches response plans. Do you have data architects? Do you use a data architecture framework such as DAMA, TOGAF? Maybe that’s the best resources to start at https://dama.org/ ; https://pubs.opengroup.org/architecture/togaf91-doc/arch/chap10.html

Secondly, organisations need to map the flow of the data from the time when the data enters the organisation, processed, go out of the organisation or if it requires to be disposed of securely. On all these processes, security should be embedded by design and not an afterthought.

Data as your queen needs to be protected all the time, the same way this applies in chess, the same way applies in the real life, the way monarchies are being protected over the centuries, use the same concept when protecting the organisation’s data that matter to you. All the best 🙂

Author: kinyoka

A certified Information Security professional, with demonstrated experience spanned more than 10 years in financial, banking, consulting, and payment card industries in managing Information Security System Management ISMS. A post graduate degree holder in Information Security Management (M.Sc); Certified Information Security Manager (CISM), Payment Card Industry Qualified Security Assessor (PCI QSA), SABSA Chartered Security Architect (SCF), ISO 27001 Lead Auditor, CREST Registered Technical Security Architect (TSA), CREST Registered Penetration Tester (CRT), and a member of ISACA. Demonstrated to be reliable, trustworthy, and meticulous person; working in a controls-focused environment, multinational, and multicultural organisation over the years and gained a good understanding of what is required of the Information Security professional. . Specialties: ISMS based on ISO/IEC 27001/2 Payment Card Industry (PCI) DSS - QSA led services - PCI Scoping, Gap Analysis and Formal Assessment (RoC) IT Governance, Risk and Compliance (GRC) Management Cyber Security Penetration Testing Enterprise Security Architecture Technical Security Architecture

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s