eWeek has published a set of guidelines to avoid the next data breach. Although these lists largely overlap, each author has something of value to add, and it’s always valuable to re-examine your own guidelines against these lists.

eWeek notes, with much truth, that most data breaches are not the result of a single failure but rather multiple failure points in company data security practices. It is one thing to create a security policy – it is quite another to keep it updated, to translate it into processes and systems, and to communicate it effectively to all stakeholders.

eWeek’s seven key measures to keep your data safe:

  1. Have a viable, up-to-date security policy – what to protect, risk assessment, response procedures to any breach. Keep revising – security is not static! And communicate the policy to all employees (and contractors).
  2. Know your sensitive data and safeguard it – restrict access, prevent copying, have specific rules for mobile data devices
  3. Apply the least privilege principle: Give users and applications the minimum required access, especially as regards sensitive data
  4. Encrypt data in motion – use strong standards coupled with other mobile security safeguards
  5. Encrypt data at rest – but do not hand out the access keys freely, or the encryption will have little value
  6. Monitor database activity – real-time auditing to detect unauthorized access early
  7. Regularly check and harden the configuration of components – use tools to find bad configuration, weak passwords, etc.

Each step you take to improve your data security closes a vulnerable point – the more you do, the better your data security will be.
