This page contains a Flash digital edition of a book.
www.hp.com/info/security


Some data fundamentals


The CISO Club, powered by HP Information Security, is an exclusive group of security thought leaders who gather to discuss current trends and influences that impact on business security.


At the most recent meeting, sponsored by HP and McAfee, they discussed whether information security professionals have fully grasped the value of data to the enterprise.


It may seem strange to suggest that information security professionals do not understand the value of data seeing as it should be central and fundamental to their daily working lives.


However, the CISO Club was looking beyond the accepted concepts of data protection, based on IT security systems such as DLP and anti-malware. So what was the CISO Club talking about? For a start they were critical that too many security professionals still see data as an abstract and discrete component of the business process that must be locked down. In addition, security professionals also treated certain groups and stakeholders, within and external to the enterprise with caution bordering on distrust, despite evidence (from CISO Club members) to the contrary. What they concerned themselves with was protecting data from individuals rather than


20 2011 | Inform – Issue 5


protecting the data itself. Protected data can flow freely and efficiently serve the enterprise.


It was strongly felt that CISOs and other senior information security professionals need to be much more concerned with critical business data and the role it plays. Instead of focusing on DLP systems that are thought to be out of step with advanced CISO Club thinking, CISOs should begin to build a programme of data trust and responsibility among employees and bring them on message that the protection of customer data, archived data, shared data and in-transit data is paramount and increases the business value of enterprise data.


Without such protection, trust fails and essential outsourcing models that promise cost savings and operational efficiency in challenging economies will fail too.


To achieve this shift CISOs may need to tap into new business theories such as emotional intelligence. This of course may be less than easy for a generation used to dealing with IT based and firewall thought processes but in a conflicted and complicated business world coping with consumerisation, cloud and cyber crime its something they may have to get to grips with soon.


In terms of data, the CISO Club suggest an emotional approach would be to ask how employees handling data, which is most in the modern enterprise, might feel if their own personal data was mishandled or lost. This is a direct emotional appeal and transforms data from an abstract notion into a valuable asset just like personal music or photos.


That way employees begin to see the value of data and take ownership. The message should be that employees


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28