Does your organization face risk from the loss of digital transportable or removable media?

Common challenges & issues:

• Lost tapes, laptops, and other media exposing regulatory, reputation and customer risk.
• No method to assess risk.
• No control over methods of shipping.

Digital Removable & Transportable Media (DRTM) generally is defined as data storage devices, often small and easy to carry or transport, that can be used to copy, move and/or access data outside of an organization’s network that falls into one of the four categories:

• Integrated Storage Devices (External Hard Drives, USB devices).
• Removable Media (CD/DVD, Compact Flash SD, Tape, Floppy, Voice Tapes).
• Data Devices in Transit (Laptops, Workstations, Servers, Removable Hard Drives, Printers & Fax Machines with hard drives).
• Personal Communication / Entertainment Devices (Blackberry devices, PDAs, Cell phones, iPods, Digital Cameras).

Without a comprehensive strategy and integrated handling program for DRTM, it is extremely difficult to track the movement and storage location of sensitive data entrusted to or produced by your company, either within the enterprise or transferred to third party providers. Such a program needs to include identification of business and regulatory risk, policies and procedures, sound operational processes, risk reduction technologies, risk identification, risk acceptance, transfer controls and due diligence to adequately safeguard proprietary and confidential trade secret information from unauthorized access, use, disclosure, alteration or destruction.

Most organizations that have begun to consider security around digital transportable and removable media devices are implementing ad hoc controls that are neither linked by overarching strategies or processes nor supported by standardized technologies.

How can we support you

Our security and privacy professionals will be able to identify and tailor a set of next steps to allow your organization to develop the key components of a sustainable DRTM Program. Milton Alexander security and privacy professionals have developed a proven business process-based approach that links your business requirements to technologies, processes and policies, in order to develop a roadmap of recommendations to comprehensively reduce the overall risk to your organization posed by Digital Removable & Transportable Media.

Our approach begins with an assessment of your strategy, global processes, privacy, governance and supporting technologies, as a means to understand the overall risk to your environment. As a means to understand the effectiveness of your current DRTM security efforts and to benchmark your organization, we have adopted an approach around Carnegie Mellon’s Capability Maturity Model Integration (CMMI). This approach provides organizations with the essential elements of effective processes. The concept of using the Maturity Model is to establish a rating method that will allow us to benchmark and compare your transportable media security program against other organizations using DRTM maturity indicators. After conducting a Current State Assessment, we can assess the level of controls necessary to help mitigate the overall risk posed to your organization. Our roadmap will present recommended changes to technologies, processes and policies and will illustrate the projects necessary mapped to risk and cost over multiple quarters to mature your organization's DRTM security program. In addition, this roadmap to health is integrated into balance scorecard, key performance indicator, and dash boarding initiatives of your company, to align new initiatives and monitor their effectiveness within the business units as the risk reduction initiatives come on line. Areas of support include:

• Technology Assessment – assess the technologies currently used in conjunction with DRTM.
• Workflow Technologies - to span and link the systems, departments and applications that are currently used in processing transportable media, and to link your technologies into your workflow to create automation.
• Encryption technologies – including those for USB keys, PDAs, BlackBerrys™, external hard drives and laptops.
• Content monitoring and data leakage technologies – to scan hard drives, laptops, emails and even block content from being transferred to transportable media with the exception of approved users.
• Content protection technologies.
• Technologies to track data in transit – including WiFi & RFID tracking systems.
• Assessing what data fields should be tracked and captured in risk management systems.
• Benchmarking and Balanced Scorecards - creating a metrics and governance framework for assessing transportable media improvement and risk reduction.