many security cameras
PHOTO: Matthew Wiebe

Lockheed Martin pioneered the Cybersecurity Kill Chain as a way to help information security professionals organize the work they do preventing breaches, as well as minimize the impact of those breaches when they occur.  

At this point it’s fairly ubiquitous in information security circles, and has gone through many adaptations since its introduction. 

Someone shared a version at an AIIM conference recently that I find effective:

Modified Lockheed Martin Cybersecurity Kill Chain
Modified Lockheed Martin Cybersecurity Kill Chain

How Information Management Can Help

What I want to look at is how information management can help information security professionals with one, very critical link in the Kill Chain: data theft. 

Data theft is what happens when a bad actor — either internal or external — enters the network and takes control of a device or devices in order to steal or compromise data (e.g., through encryption). 

The market is flooded with products that help organizations prevent data theft. Two main categories of software tools that impact data theft are data loss prevention (DLP) and information rights management (IRM).

However a well designed and executed information management program is equally if not more powerful than any of these tools. Here’s why …

Your Best Protection Against Data Theft: A Well Run Information Management Program

An effective information management program helps organizations keep the data they need (i.e., data with legal or operational use) and purge the data they don't (i.e., data that's past its legal or operational life). 

Effective information management reduces the information footprint of an organization, which means less data for bad actors to steal. It also means that an organization’s limited resources can focus on protecting a smaller set of relevant data, which increases the chances of success for the DLP, IRM or other tools.

For example, if we have a billing system that's 20 years old and haven’t ever purged data from it (even though our corporate records retention schedule says we should purge billing records after, say, seven years), we’ve got 13 more years of billing data (with PII/PCI in it) than we should according to our own corporate policies. 

When a breach happens, these 13 extra years of data will magnify the impact and severity of it substantially due to our mistake of over-retention. 

Key Steps to Ensure Proper Data Retention

Although executing on information management is a complex undertaking, at a high level, you need to take a few key steps:

  1. Data map – Determine what data we have, where data is and who owns it.
  2. Policy infrastructure – Put policies in place to manage information throughout its lifecycle (including data that’s been orphaned or abandoned).
  3. Content assessment – Scan content to determine what is junk, stale and sensitive (PHI, PII, PCI, intellectual property), as well as whether the security and access for this content is appropriate.
  4. Remediation and clean up – Based on policy and the results of the content assessment, purge junk/stale content and remediate inappropriate security and access.
  5. Monitoring and prevention – Scan the environment on an ongoing basis to identify both non-compliant activity (e.g., mishandled PHI) and growth of stale/junk data and take action to address.

Although this post has been high level, hopefully it’s shown you how information management can contribute to traditional cybersecurity activities. 

At many firms, the two functions cooperate very closely, and in some cases join forces under the same roof. And given how much attention, resources and dollars cybersecurity gets these days, this is a very good thing for information management, which often doesn't get this level of support.