BreachExchange mailing list archives
Data breach: how information governance reduces risk
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 26 Jun 2015 13:04:30 -0600
http://www.jdsupra.com/legalnews/data-breach-how-information-governance-72726/

With all the data breach activity over the past several years, any organization or individual that hasn’t been affected in some way almost feels left out. According to the Department of Health and Human Services, 120 million people have been compromised in more than 1,100 separate breaches at organizations handling PHI (protected health information) since 2009. That number is almost a third of the U.S. population!

Now is the time for organizations to take action! The data breach problem is very real and is going to get worse before it gets better.

Most organizations’ immediate reaction to such activity is to invest in some new type of data security technology or purchase a higher level of cyber insurance coverage. However, they should also be equally concerned with ensuring proper governance of their information. More often than not, the information compromised during such an activity shouldn’t have been stored there in the first place and having an information governance program in place can reduce such risks.

For instance, an information governance program will address the following items:

1. Identify which stakeholders in the organization have access to sensitive information (PHI)
2. Document the storage locations (repositories, servers, applications, etc.) where sensitive information is stored
3. Explain how long sensitive information is stored in both public and local environments
4. Outline data storage requirements and guidelines for third-party vendor compliance
5. Dispose of ROT (redundant, outdated, trivial) data to reduce discovery costs

No doubt, it’s crystal clear that information governance can reduce an organization’s risk in connection with a data breach. Of course, there are many other items that would fall under the information governance umbrella, but these surely provide a starting point. As with any endeavor, getting started is usually the hardest part.