The fundamentals about data protection
When a data protection conversation took place, often one can feel overwhelmed by the complexity of the topic, and many technical controls exist today trying to resolve this issue but oftentimes the solutions are presented as a "silver bullet," not recognizing the data protection practice is more than just encryption, or digital rights management, two common controls used to protect data. To manage data security properly, we must look at the problem from a data centric viewpoint.
Fundamentally, the data protection, from a technical control standpoint, is all about access control, and protect data through out its entire life cycle using different tools or techniques. It is a simple concept, but very hard to be done right, especially with heterogenous systems you find in many organizations.
In a diagram below, I am trying outline some of common data protection attributes, where are those controls exist today and how those solutions are usually applied from an enterprise environment. You can view the model is applicable to both structured and unstructured data. Organizations should have deep understanding of its data, based on classifications, how the data is being created, used, shared in order to develop sound protection strategies.
Senior IT Security Operations Specialist
6 年Keep it up, great workflow . Great diagram
INGENIA your partner for information security governance, investment solutions, regulatory compliance and internal audit
6 年Hi Henry, May I know where is the diagram, you are referring to ?