Governing Data Access to Meet Security, Compliance and Operational Standards

Part 6: Governing Data Access to Meet Security, Compliance and Operational Standards

In this 6th and final post of our “Moving from Checkbox Compliance to True Data Security” blog series, we’re going to see how all the work we’ve done in discovering where our data lives, collecting and analyzing relevant information about our data, monitoring activity, and restructuring access rights will pay off in a major way. As you’ve likely gathered already, “Governance” is a pretty important component of a…

Collect and Analyze Relevant Data Points to Assess Risk

The goal of the Collect and Analyze phase is to assess relevant data points to answer critical questions: how sensitive is the data, who has access to it, who owns it, and how old is it? Once you begin to understand the answers to these questions, you can begin prioritizing the resources that are most at risk and limiting access to them as you work towards achieving a Least Privilege Access model.

Moving from Checkbox Compliance to True Data Security

Organizations are shifting their focus to a core set of principles around protecting their credentials and data, but they struggle with a starting point. In this 6-part ‘Checkbox Compliance to True Data Security’ blog series, we will provide a foundational blueprint. The series will cover an overview of Data Access Governance (DAG) and introduce the 5 phases that will help shape a true data security program. In an interview with Dark Reading, Brian Christensen, head of global audit for Protiviti…

Market Trends: Risk Based Security – Compliance Based Security – Security Through Obscurity

What Security Strategy is Best For Your Organization?

There are some great examples of Chief Executive Officers (CEOs) and Chief Information Security Officers (CISOs) working together towards protecting their employees, customers, and organization. On the other end of the spectrum, you have CEOs and CISOs that do not work well together. In order to evenly align your security strategy with the business’s needs, you have to be able to see eye-to-eye on the key issue of how your organization’s security…

STEALTHbits ProTip: StealthAUDIT’s Sensitive Data Discovery for Compliance

With compliance standards driving more and more organizations to directly tag their data, StealthAUDIT’s Sensitive Data Discovery allows you to easily locate and understand the data that was important enough to tag in the first place. The configuration for sensitive data discovery is located within the Criteria Editor. To get there, navigate the Job Tree to the 1-SEEK System Scans job located in Jobs > FileSystem > 0.Collection. Open the Query Properties as shown below: From here, select SDD Audit Criteria…

Podcast: Service Account Attacks & How To Prevent Them

Service accounts are undermanaged and overprivileged. Pushed along by application groups annoyed that they need to deal with any process at all, security or helpdesk folks simply make an account, give it rights, and get it into the hands of the application folks. The application team thinks the account is controlled like any other, but that’s wrong most of the time. The folks in charge of the directories think the application or security team are giving the service…

5 Essential Steps to EU GDPR – Part 5: GDPR The Ticking Time Bomb

At the time of writing this blog, there are 378 days, 8 hours until the GDPR comes into force. That’s 54 weeks or approximately 270 weekdays, not considering public holidays. Surely plenty of time to get everything in place and ensure your business is compliant. Right? Wrong! Let me back this up by putting some context around the various elements discussed in the previous blogs in this series.

The GDPR Project

Obviously, no two organisations are identical so for the sake of…

5 Essential Steps to EU GDPR – Part 4: STEALTHbits Technologies, a logical fit for EU GDPR

In part three we discussed how no one person, organisation or vendor has ‘the’ silver bullet to GDPR compliance. What you need is an array of tools and people to address the many challenges ahead. That said, not all technical solutions are equal in their value to a GDPR project. Given GDPR is a Data Governance project (as discussed in part two), it makes sense to leverage both technology and people with Data Governance running through their veins. STEALTHbits is that…

5 Essential Steps to EU GDPR – Part 3: Engage the Right People

This is arguably the most important element in achieving GDPR compliance. No organisation can do everything independently. Even software vendors must engage with outside agencies on this one. We’re going to discuss ‘the right people’ as two categories: Internal and External. If ever there was an all-hands requirement in a project, this is it.

Internal

Because GDPR is a compliance regulation, it’s far too easy to fall into the trap of believing this is simply a job for the…

5 Essential Steps to EU GDPR – Part 2: GDPR, the Data Access Governance Project

In part one we looked at the questions organisations must address when dealing with DSARs (Data Subject Access Requests). Simple questions, but in reality, tricky or virtually impossible to answer depending on the size and complexity of your data infrastructure. That said, they’re actually the core premise of Data and Access Governance.

What is Data Access Governance (DAG)?

DAG is best described as ‘Governing who has access to what’. It’s giving the right people access to the right data in a…
