How much data is leaking out of my organization, and
what are the maturity levels of my business processes in stemming these losses?
Common challenges &
issues:
- You know that data loss is likely, but you have no idea of what type of data is being leaked out of your organization, or how it is being lost.
- Do you know which file servers and laptops contain exposed confidential data?
- Do you know who is carrying inappropriate confidential information on their laptops?
- Are you able to demonstrate compliance with privacy laws and regulations?
- Can you show ongoing initiatives combating losing data?
Conducting a privacy and data loss prevention
Risk Assessment is the first step towards a comprehensive risk management
program. The risk assessment is designed to assess the level of information loss
and measure the maturity of data protection initiatives enacted by the company.
The first step is deciding what information the company desires to protect. In
addition to confidential internal information that a company desires to protect,
such as sales forcasts and reportsing, R&D, M&A documentation, a variety of laws
exist concerning the handling of customer and employee information. These
include, but by no means are limited to:
- 35 US state data privacy laws
- GLBA
- HIPPA
- Payment Card Industry Data Security Standard (PCI DSS)
- SOX
- The EU Data Protection Directive 95/46/E and affiliated laws
- Works Council privacy issues
- Bank Secrecy laws (Switzerland)
- The Personal Data (Privacy) Ordinance (Hong Kong)
- And many others
The second step is discovering where that
information is located or is in the process of moving to. Then an assessment can
be made of the amount of violation occurring, and the level of risk.
How we can support you:
Milton Alexander’s privacy and data loss prevention risk assessment is a
combination of a Risk Questionnaire, and an automated check of data inappropriately stored, or
actually captured while transiting the organization, utilizing data loss
prevention (DLP) technologies.
Milton Alexander DLP and Privacy Risk Assessment gathers information in
preparation for conducting a proper automated risk assessment, but also reviews
existing privacy polices and procedures, incident response processes, Digital
Removable and Transportable Media handling, data provided in outsourcing
relationships, and privacy governance models.
The Automated Risk Assessment utilizes DLP tools for data in motion and data at
rest to measure their level of data loss risk. Preconfigured policies corresponding to
policy or regulatory violations can be input, or key words or documents scanned
for across the enterprise or business unit. The result shows confidential data
exposed on laptops and desktops, open file shares, servers , and databases, as
well as inappropriately leaving the network by email, web mail, file transfers,
instant messaging or other protocols selected.
The final result is a comprehensive Risk Assessment Report that demonstrates
data loss frequency, severity, and risk by data type, the user in violation by
department, policy and regulation violated, as well as an industry benchmark
comparison. Also prepared is an executive summary, with data loss prevention
recommendations.