Thursday, November 16, 2006

Security is a Process...Not a State

It is second nature to most of us that security is a process and not a state. However, many of us overlook the implications of this fact in regard to data security. Let's consider the implications now.

The breach of sensitive information is different from a breach of security involving physical items, as discussed more than once in previous postings on this blog. The actual loss derives not from the breach itself, but from the litigation and bad press that result. The risk applies to brand and shareholder value. It is for this reason that the process of security must be formalized. If the loss results from bad press and litigation, then the defense is the ability to demonstrate that a reasonable standard of care was being provided. This is best demonstrated by producing a written plan, evidence of effective management with third-party oversight, and evidence of the progress being made on the plan.

Formalizing the security process does not need to be burdensome or costly, and as a risk mitigation measure, it is almost instantaneous in its effect and unassailable in its cost effectiveness.