Does your organization face risk from the loss of digital transportable or removable media?
Common challenges & issues:
- Lost tapes, laptops, and other media exposing regulatory, reputation and customer risk.
- No method to assess risk.
- No control over methods of shipping.
Digital Removable & Transportable Media (DRTM) is generally defined as data storage devices, often small and easy to carry or transport, that can be used to copy, move and/or access data outside of an organization’s network and that fall into one of four categories:
- Integrated Storage Devices (External Hard Drives, USB devices).
- Removable Media (CD/DVD, Compact Flash SD, Tape, Floppy, Voice Tapes).
- Data Devices in Transit (Laptops, Workstations, Servers, Removable Hard Drives, Printers & Fax Machines with hard drives).
- Personal Communication / Entertainment Devices (Blackberry devices, PDAs, Cell phones, iPods, Digital Cameras).
Without a comprehensive strategy and integrated
handling program for DRTM, it is extremely difficult to track the movement and
storage location of sensitive data entrusted to or produced by your company,
either within the enterprise or transferred to third-party providers. Such a
program needs to include identification of business and regulatory risk,
policies and procedures, sound operational processes, risk reduction
technologies, risk identification, risk acceptance, transfer controls and due
diligence to adequately safeguard proprietary and confidential trade secret
information from unauthorized access, use, disclosure, alteration or
destruction.
Most organizations that have begun to consider security around digital
transportable and removable media devices are implementing ad hoc controls that
are neither linked by overarching strategies or processes nor supported by
standardized technologies.
How can we support you
Our security and privacy professionals will be able to identify and tailor a set
of next steps to allow your organization to develop the key components of a
sustainable DRTM Program. Milton Alexander security and privacy professionals
have developed a proven business process-based approach that links your business
requirements to technologies, processes and policies, in order to develop a
roadmap of recommendations to comprehensively reduce the overall risk to your
organization posed by Digital Removable & Transportable Media.
Our approach begins with an assessment of your strategy, global processes,
privacy, governance and supporting technologies, as a means to understand the
overall risk to your environment. As a means to understand the effectiveness of
your current DRTM security efforts and to benchmark your organization, we have
adopted an approach around Carnegie Mellon’s Capability Maturity Model
Integration (CMMI). This approach provides organizations with the essential
elements of effective processes. The concept of using the Maturity Model is to
establish a rating method that will allow us to benchmark and compare your
transportable media security program against other organizations using DRTM
maturity indicators. After conducting a Current State Assessment, we can assess
the level of controls necessary to help mitigate the overall risk posed to your
organization. Our roadmap will present recommended changes to technologies,
processes and policies and will illustrate the projects necessary mapped to risk
and cost over multiple quarters to mature your organization's DRTM security
program. In addition, this roadmap to health is integrated into the balanced
scorecard, key performance indicator, and dashboarding initiatives of your
company, to align new initiatives and monitor their effectiveness within the
business units as the risk reduction initiatives come online.
Areas of support include:
- Technology Assessment – assess the technologies currently used in conjunction with DRTM.
- Workflow Technologies – to span and link the systems, departments and applications that are currently used in processing transportable media, and to link your technologies into your workflow to create automation.
- Encryption technologies – including those for USB keys, PDAs, BlackBerrys™, external hard drives and laptops.
- Content monitoring and data leakage technologies – to scan hard drives, laptops, emails and even block content from being transferred to transportable media with the exception of approved users.
- Content protection technologies.
- Technologies to track data in transit – including WiFi & RFID tracking systems.
- Assessing what data fields should be tracked and captured in risk management systems.
- Benchmarking and Balanced Scorecards – creating a metrics and governance framework for assessing transportable media improvement and risk reduction.