Archive for the ‘Classification’ Category

What is the True Cost of a Data Breach?

Wednesday, May 14th, 2014

This week, TITUS released an infographic that contains some sobering figures about the true cost of a data security breach. While lost data can mean lost intellectual property (which is hard to place an accurate value on), the cost would most certainly include fines, expensive customer communications, lawsuits, and an evaluation of technology and/or policy. All totaled, the Ponemon Institute’s 2014 Cost of a Data Breach Study pegs the cost of a lost record in the US at $195 per record – up from $188 in 2013.

Easily Transition from UK GPMS to GSC

Thursday, April 3rd, 2014

Effective April 2, 2014, the new UK Government Security Classifications (GSC) policy replaces the previous Government Protective Marking Scheme (GPMS). The new policy requires the classification of Her Majesty’s Government (HMG) information assets into one of three types: OFFICIAL, SECRET, and TOP SECRET. This classification scheme, simplified from the previous GPMS seven-level classification scheme, will help ensure that government staff, contractors, and service providers can more easily safeguard information.

Security is a Business Imperative, Not an IT Task

Thursday, November 21st, 2013

I’ve noticed a distinct theme throughout a number of different analyst reports I’ve recently read – that the protection of information and data assets is a business task which needs guidance from the business unit leaders. Take as an example…

As executives see more and more media coverage of data breaches and security incidents, the inevitable question is: “What are we doing to make sure that doesn’t happen to us?”

Contrary to 2012 when privacy responsibility was shifting to an organization-wide accountability, in 2013 it’s falling more onto the security group within enterprises. [It’s] a matter of concern if more and more enterprises deem the security group fully responsible for privacy and regulations. Ensuring privacy requires a union of technology, policy, and culture, and a harmony between many business units from security to legal to HR to employees.

– Understand the State of Data Security and Privacy: 2013 to 2014 (Forrester)

The Evolution of Classification

Wednesday, October 23rd, 2013

Last week, the lead whitepaper in TechTarget’s Daily Top 5 was titled, How to Tackle Information Classification – published by the Jericho Forum. Naturally, I was interested to see what it had to say and eagerly downloaded it only to find that it was originally published in January 2009 – almost 5 years ago. Despite its age, the whitepaper is a solid introduction to information classification, the benefits and the challenges. In particular, it provides confirmation that classification is the lynchpin to successful security in a “de-perimeterised environment.” But there were a few areas where it was a bit, shall we say, “stale.” The Jericho Forum whitepaper identified some problems which, in the years since it was published, have been successfully addressed.

Let’s look at the three main problem areas that the Jericho Forum whitepaper identified: (more…)