The search term must be a minimum of 3 characters.

If you wish, you can further refine your search by also selecting the relevant marketplace, business need and resource type

Business Needs
Select Business Need
Resource Type
Select Search Type
blog from Global Cyber Alliance

Building a solid data protection plan for 2020

By the Center for Internet Security

Share this resource
company

Do Something. Measure It

View Solution Provider Profile

Connect with Global Cyber Alliance

by Global Cyber Alliance
| 27/01/2020 12:00:00

Attacks like Spectre and Meltdown brought data privacy to the forefront of cybersecurity in 2018. The year also ushered in new regulations concerning data protection, including the EU General Data Protection Regulation (GDPR). These activities opened up fresh opportunities to review and advance our incident response planning and data management processes. Yet two years later, many organizations are still lagging behind when it comes to data privacy and protection. In 2020, it’s up to every organization to develop and implement a solid Data Protection Plan (DPP). Let’s look at some of the challenges and opportunities created by the need for a strong DPP.

Understanding data flow
In order to create an effective DPP, your organization first needs to develop a clear picture of its data flow. There are areas around information handling which every organization will need to review and fine-tune. Some questions to start your investigation:

  • What data do we have?
  • How do we use it?
  • Where is it stored and processed?

The answers to these questions will form a reference point for your organization to gain a controlled foothold over its data and information management processes. Your specific industry dictates the type of data you have (payment information, customer data, health records, etc.). The type will produce different answers. Still, the questions need to be asked, understood, and documented in a DPP. If you don’t have a plan in place, now’s the time to start developing one.

What makes a solid DPP?
Elements of a DPP

  • Objective: Specific to organizational security policies or regulatory controls such as GDPR/NIST.
  • Roles and responsibilities: Addresses key roles in the organization and the data protection responsibilities of each.
  • Data protection risks: Identifies potential security risks as related to sensitive data.
  • Acceptable use policies: Applies to different classes of data within an organization.
  • Data storage requirements: Must consider how to manage the storage size of data (including backups!).
  • Data utilization: Addresses how data is used within the organization.
  • Data integrity and assurance: Examines how to securely store and transfer data.

Bringing each of these elements together can seem overwhelming; however, there are cybersecurity best practices your organization can follow. The CIS Controls are prioritized defensive security actions that can provide a strong starting point for understanding how to build your organization’s DPP. In particular, CIS Control 13 focuses on data protection.

Learn more: CIS Controls

Applying CIS Control 13
The CIS Controls Implementation Groups (IGs) take a horizontal look at prioritizing cybersecurity best practices based on an organization’s available resources and maturity level. For CIS Control 13, the IGs identify elements comprising a solid DPP for any size organization.

Leveraging the CIS Controls IGs can help organizations with varying technical resources and capabilities build a DPP. Every organization, regardless of size or capability, should start with IG1. There are three CIS Sub-Controls from CIS Control 13 that support building a DPP. See the chart below for more details.

Specifically, organizations should focus on these steps when starting to develop a DPP:

  • Inventorying sensitive information (13.1): You have to know what data is sensitive in your organization in order to determine which security controls need to be in place.
  • Removing sensitive systems and data which aren’t regularly accessed (13.2): Make sure your assets are properly segmented and disconnected when not in use. This will limit the chance that sensitive data is compromised in case of an attack.
  • Encrypting data for mobile devices (13.6): As part of your organization’s mobile device policy, use approved whole disk encryption software.

More mature organizations should strive to implement additional CIS Sub-Controls found in IG1 and IG2 as part of a growing DPP.

Getting ready for the future
No matter what 2020 holds, developing a solid DPP will be key to protecting your organization’s data. Building a strong DPP can help with:

  • Day-to-day management of information
  • Preparing your organization for any future breach or incident which may occur
  • Ensuring data within an organization is properly defined, labeled, and controlled
  • Mitigating against ransomware attacks by limiting an attacker’s access to sensitive data

To get more information about leveraging your organization’s DPP for GDPR compliance and other cybersecurity best practices, download our free eBook: A CISO’s Guide to Bolstering Cyber Defenses.

Download eBook

See original blog: https://www.globalcyberalliance.org/building-a-solid-data-protection-plan-for-2020/

More from Global Cyber Alliance

The adaptive cybersecurity approach

by Global Cyber Alliance | 18/12/2019 12:00:00

I have been in the cybersecurity field for more than a decade. I have had the opportunity to see cybersecurity problems from many angles and from different perspectives, in Paris,...

GCA partner spotlight: Cybercrime Support Network

by Global Cyber Alliance | 17/12/2019 12:00:00

The Cybercrime Support Network (CSN) is proud to partner with the Global Cyber Alliance (GCA). Before cybercrime strikes, GCA provides tools to prevent an attack. After cybercrime strikes, CSN provides...

Small business cybersecurity: Protect your brand

by Global Cyber Alliance | 07/08/2019 12:00:00

Protecting the reputation and brand of your business is critical to your success. You can help do this by implementing tools that ensure your brand’s name and email addresses don’t...

Helping small businesses fight cybercrime benefits the global ecosystem

by Global Cyber Alliance | 09/05/2019 12:00:00

Cybercriminals like to use small businesses as a gateway into larger corporations. After all, small businesses are the back bone of the global economy and make up the majority of...

Connect with Global Cyber Alliance

Send

Thanks for connecting with Global Cyber Alliance

We will inform Global Cyber Alliance of your interest and request that they connect with you.

Please sign up to see more

Sign up or login if a Wealth Manager

Register as a Solution Provider