Information Security Forum: how to protect sensitive data


Data losses put focus back on classifying and protecting sensitive data, says a new report from the Information Security Forum (ISF). Recent high-profile data losses have highlighted the need for better information classification and the implementation of data protection measures based on the level of sensitivity and confidentiality, according to the ISF. In its latest report, the ISF suggests that because many existing approaches to information classification are overly complex, they rarely deliver business benefits and are often simply ignored.

“Traditional information classification is characterised by the ‘Top Secret’ rubber stamp in James Bond films,” says Nick Frost, the report’s author and senior research consultant at the ISF. “Today, information exists in many different forms, from paper documents and verbal communications to the masses of electronic data stored, transmitted and processed. While introducing an effective enterprise-wide scheme is daunting, organisations can no longer afford to ignore its importance if further embarrassing data losses are to be avoided.”

Information Classification requires a consistent process to determine the level of confidentiality of a piece of information; the development of techniques for communicating the level of classification; and the practical implementation of techniques to protect information accordingly. But the benefits of successful Information Classification are considerable, according to the ISF report.

By ensuring that information is adequately protected, good information classification helps to prevent over- or under-engineering of controls, so reducing potential operational overspend and unnecessary drains on resources. Information Classification can also help to enforce better access control policies and can be used to demonstrate compliance with legislation such as Data Protection and Privacy, along with regulations including HIPAA and Gramm-Leach-Bliley.

The report highlights that achieving these levels of success requires participation across an organisation, from HR and Legal to IT and audit, along with Board-level support. “Having senior managers with a shared strategic vision and understanding of information classification and the value it can deliver is critical to overcome budgetary and organisational issues,” says Nick Frost. “It is vital to run a successful pilot project to show a ‘quick win’.”

Information Leakage: Briefing Paper Publicly Available

The ISF is a not-for-profit international association of over 300 leading international organisations, which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems. The ISF undertakes a leading-edge research programme and has invested more than US$100 million to create a library of over 200 authoritative reports along with information risk methodologies and tools that are available free of charge to ISF members.

As the ISF is a membership organisation, ISF reports are normally for the exclusive use of its members. However, to help organisations identify and respond to specific threats and vulnerabilities associated with information leakage, the ISF has made its Briefing on information leakage publicly available as a free download.

www.securityforum.org
