Data Risk Management
Data risk management helps organizations balance potential data risks with business priorities, expenses and other resource constraints. It also helps them meet regulatory compliance mandates and reduce the impact of hackers and malicious insiders. A basic framework for data risk management includes:
- Data classification to locate sensitive data
- Vulnerability assessment to discover and mitigate application or systems weaknesses
- User rights management to identify and remediate internal risks
The first step in the data risk management process is identifying which data is sensitive. Automated data classification helps accelerate the process of locating sensitive data, which is typically distributed across the data center. Data classification can be used to find a variety of sensitive data, including regulated data such as credit card numbers, national identity numbers, medical records and other personally identifiable information. Automated data classification is especially important when ongoing classification is required to identify sensitive data that has been newly added, changed or moved.
Vulnerability assessments identify data risks that are due to oversight, misconfigurations and unpatched systems. Vulnerability assessment results highlight where mitigation needs to occur to prevent exploitation and reduce the risk of a data breach. Using a virtual patching solution such as a Database Firewall or Web Application Firewall, organizations can automatically transform vulnerability assessment results into security policies that stop exploits even before a patch is applied. To help prioritize security activities, vulnerability assessment results can be correlated with data classification results to allow prioritized mitigation planning based on data sensitivity and associated risk.
User rights management is a process that is essential for preventing insiders from maliciously or unintentionally accessing sensitive data. User rights management includes establishing a baseline of current data access rights, auditing changes to user access rights, reducing excessive access rights to business need-to-know levels, and identifying dormant (i.e., inactive) users. These rights management capabilities are security best practices and are required by a number of regulations including PCI, HIPAA and SOX, among others.
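The four user rights management activities described above, as an added example that is not code from any product named on this page. The grant tuples, user names, dates and the 90-day idle threshold are all constructed assumptions; in practice the inputs would come from the database's privilege catalog and audit trail.

```python
from datetime import date, timedelta

# Constructed sample data: (user, object, privilege) grants on sensitive objects.
BASELINE = {
    ("alice", "cards.pan", "SELECT"),
    ("bob", "cards.pan", "SELECT"),
    ("carol", "hr.salary", "SELECT"),
}
CURRENT = {
    ("alice", "cards.pan", "SELECT"),
    ("bob", "cards.pan", "SELECT"),
    ("bob", "cards.pan", "UPDATE"),   # granted after the baseline was taken
    ("dave", "hr.salary", "SELECT"),  # user not present in the baseline
}
# Constructed audit trail: last date each grant was actually exercised.
LAST_USED = {
    ("alice", "cards.pan", "SELECT"): date(2024, 5, 28),
    ("bob", "cards.pan", "SELECT"): date(2023, 11, 2),
}
# Constructed login records: last successful login per user.
LAST_LOGIN = {
    "alice": date(2024, 5, 28),
    "bob": date(2024, 5, 30),
    "dave": date(2023, 12, 1),
}


def review_rights(baseline, current, last_used, last_login, today, max_idle_days=90):
    """Compare current grants to a baseline and flag unused grants and dormant users.

    max_idle_days is an assumed policy threshold, not a regulatory value.
    """
    cutoff = today - timedelta(days=max_idle_days)
    # Audit of changes: set difference in both directions against the baseline.
    added = sorted(current - baseline)
    removed = sorted(baseline - current)
    # Excessive rights candidates: grants held but not exercised inside the
    # window. A grant with no audit record at all counts as never used.
    unused = sorted(g for g in current if last_used.get(g, date.min) < cutoff)
    # Dormant users: hold at least one grant but have not logged in recently.
    users = {user for user, _obj, _priv in current}
    dormant = sorted(u for u in users if last_login.get(u, date.min) < cutoff)
    return {"added": added, "removed": removed, "unused": unused, "dormant": dormant}


if __name__ == "__main__":
    report = review_rights(BASELINE, CURRENT, LAST_USED, LAST_LOGIN, date(2024, 6, 1))
    for section, rows in report.items():
        print(section, rows)
```

Grants listed under `unused` are candidates for reduction to need-to-know levels, and they should be reviewed with the data owner before revocation because some legitimate access is only exercised quarterly or annually.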