Data Risk Management

Data risk management helps organizations balance potential data risks with business priorities, expenses and other resource constraints. Data risk management helps organizations meet regulatory compliance mandates and reduce the impact of hackers and malicious insiders.

A basic framework for data risk management includes:

Data classification to locate sensitive data
Vulnerability assessment to discover and mitigate application or systems weaknesses
User rights management to identify and remediate internal risks

Key Drivers

Data Classification

The first step in the data risk management process is identifying which data is sensitive. Automated data classification helps accelerate the process of locating sensitive data, which is typically distributed across the data center. Data classification can be used to find a variety of sensitive data, including regulated data such as credit card numbers, national identity numbers, medical records and other personally identifiable information. Automated data classification is especially important when ongoing classification is required to identify sensitive data that has been newly added, changed or moved.

Vulnerability Assessment

Vulnerability assessments identify data risks that are due to oversight, mis-configurations, and un-patched systems. Vulnerability assessment results highlight where mitigation needs to occur to prevent exploitation and reduce the risk of a data breach. Using a virtual patching solution such as a Database Firewall or Web Application Firewall, organizations can automatically transform vulnerability assessment results into security policies that stop exploits even before a patch is applied. To help prioritize security activities, vulnerability assessment results can be correlated with data classification results to allow prioritized mitigation planning based on data sensitivity and associated risk.

User Rights Management

User rights management is a process that is essential for preventing insiders from maliciously or unintentionally accessing sensitive data. User rights management includes establishing a baseline of current data access rights, auditing changes to user access rights, reducing excessive access rights to business need-to-know levels, and identifying dormant (i.e., inactive) users. These rights management capabilities are security best-practices and are required by a number of regulations including PCI, HIPAA and SOX, among others.

Related Products:

Database Security
Product Name:	Capabilities:
SecureSphere Database Firewall	Virtually patch databases by blocking vulnerability exploits identified by SecureSphere Discover and Assessment Server
SecureSphere Discovery and Assessment Server	Automate data classification Assess databases for vulnerabilities Prioritize security risks
User Rights Management for Databases	Aggregate access rights across databases Remove excessive rights and dormant users Ensure access is based on a business need-to-know

File Security
Product Name:	Capabilities:
User Rights Management for Files	Aggregate and analyze file access rights Remove excessive rights and dormant users Automate data classification based on meta-data attributes Ensure access is based on a business need-to-know A part of SecureSphere File Activity Monitoring and SecureSphere File Firewall

Web Security
Product Name:	Capabilities:
SecureSphere Web Application Firewall	Virtually patch databases by blocking vulnerability exploits Virtually patch Web applications by blocking vulnerability exploits identified by OpenSphere vulnerability scanners