Companies often struggle with keeping data both available and confidential. In the IBM white paper, "Achieving end-to-end information security: Five critical steps," you'll learn a more sophisticated approach to information security. See how to balance risk and reward by identifying and classifying sensitive data, determining the security posture of different points of access and tracking data changes.
IBM information security solutions
White paper
Achieving end-to-end information security:
five critical steps.
August 2008
Contents
Introduction
Helping increase availability and decrease risk
Achieving security balance, step by step
Step 1: Define controls
Step 2: Discover and classify
Step 3: Enforce controls
Step 4: Address data retention
Step 5: Monitor, audit and report
IBM: a trusted advisor
Summary
For more information
About IBM Service Management
Introduction
Information is one of the greatest sources of value creation for organizations today, with nearly every aspect of an enterprise dependent on a continuous flow of data. Think of it as currency - freely traded across and beyond the organization, it can yield a significant return on investment, including increased collaboration and innovation, shortened time to market and better decision making.
At the same time, information is one of the greatest sources of risk for organizations today. Whether through intentional or inadvertent means, breaches of data security can expose organizations to regulatory fines or legal actions, reduce a company's competitive advantage and undermine customer confidence. In recent years, lawmakers worldwide have responded to data security breaches with more rigorous data privacy laws.
As data privacy mandates continue to multiply, so too can the risk. Eliminating the risk altogether, however, is not the goal. Were that the case, the solution would be easy: simply lock down both the data and access to it - thus also shutting down the vital link to employees, customers, business partners and suppliers that makes innovation and collaboration possible.
A more sophisticated information security strategy takes a risk management approach that balances risk and reward - availability vs. the confidentiality and integrity of data. This strategy requires the ability to identify and classify sensitive data and mission-critical information within the enterprise and determine the various points of access to this information and the security posture of those access points - all while tracking who has accessed that data and understanding what they have done with it.
This paper discusses the challenges of safeguarding critical data while maintaining a continuous flow of information, and describes five key steps organizations can take to help determine their information risk tolerance, better understand potential security issues, and help minimize the breadth and potential impact of those issues.
Helping increase availability and decrease risk
As organizations become more interconnected, they are steadily increasing access to a wide range of information sources. Where availability was once limited by technology constraints, an expanding volume of data is now making its way to growing numbers of employees, suppliers, business partners and customers. This increased availability can present considerable security and compliance challenges. Not only must organizations protect their own intellectual property from internal threats such as supply chain partners and employees who accidentally mishandle information, organizations also should ensure data security for the stakeholders' benefit, including private customer data, as well as financial data where the stakeholders include investors.
As with any strategic asset, information must be backed by a resilient and secure infrastructure that supports compliance measures. Traditionally, however, information has been secured primarily through a perimeter-based approach that relied on firewalls and other point products. These solutions are no longer viable for today's environment. Web-based technology has both enabled and extended the need to collaborate beyond perimeter borders. Security also should be focused on the data itself, safeguarding it wherever it is, from creation to end point, whether it's at rest or in transit.
Ultimately,... [download for more]