Strong Information Management: Your Best Cybersecurity Defense

Lockheed Martin pioneered the Cybersecurity Kill Chain as a way to help information security professionals organize the work they do preventing breaches, as well as minimize the impact of those breaches when they occur.  

At this point it’s fairly ubiquitous in information security circles, and has gone through many adaptations since its introduction. 

Someone shared a version at an AIIM conference recently that I find effective:

How Information Management Can Help

What I want to look at is how information management can help information security professionals with one, very critical link in the Kill Chain: data theft. 

Data theft is what happens when a bad actor — either internal or external — enters the network and takes control of a device or devices in order to steal or compromise data (e.g., through encryption). 

The market is flooded with products that help organizations prevent data theft. Two main categories of software tools that impact data theft are data loss prevention (DLP) and information rights management (IRM).

However a well designed and executed information management program is equally if not more powerful than any of these tools. Here’s why …

Your Best Protection Against Data Theft: A Well Run Information Management Program

An effective information management program helps organizations keep the data they need (i.e., data with legal or operational use) and purge the data they don't (i.e., data that's past its legal or operational life). 

Learning Opportunities

Webinar

May

30

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Webinar

May

31

The Evolution of Employee Listening - 2023 Trends & Best Practices

Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice

Webinar

Jun

1

How organizations can design, build and run Generative AI into the Customer Experience

Discover how to drive enhanced CX through Generative AI

Webinar

Jun

6

The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve

The impact of emerging technologies like AI on social media

Webinar

Jun

7

The Building Blocks of Personalization

This webinar will explore how personalization can create powerful ecommerce shopping experience.

Webinar

Jun

13

The Future of Contact Centers with AI at the Helm

Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX

Webinar

May

30

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Webinar

May

31

The Evolution of Employee Listening - 2023 Trends & Best Practices

Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice

Webinar

May

30

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Webinar

May

31

The Evolution of Employee Listening - 2023 Trends & Best Practices

Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice

Webinar

Jun

1

How organizations can design, build and run Generative AI into the Customer Experience

Discover how to drive enhanced CX through Generative AI

Webinar

May

30

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

View all

Effective information management reduces the information footprint of an organization, which means less data for bad actors to steal. It also means that an organization’s limited resources can focus on protecting a smaller set of relevant data, which increases the chances of success for the DLP, IRM or other tools.

For example, if we have a billing system that's 20 years old and haven’t ever purged data from it (even though our corporate records retention schedule says we should purge billing records after, say, seven years), we’ve got 13 more years of billing data (with PII/PCI in it) than we should according to our own corporate policies. 

When a breach happens, these 13 extra years of data will magnify the impact and severity of it substantially due to our mistake of over-retention. 

Key Steps to Ensure Proper Data Retention

Although executing on information management is a complex undertaking, at a high level, you need to take a few key steps:

1. Data map – Determine what data we have, where data is and who owns it.
2. Policy infrastructure – Put policies in place to manage information throughout its lifecycle (including data that’s been orphaned or abandoned).
3. Content assessment – Scan content to determine what is junk, stale and sensitive (PHI, PII, PCI, intellectual property), as well as whether the security and access for this content is appropriate.
4. Remediation and clean up – Based on policy and the results of the content assessment, purge junk/stale content and remediate inappropriate security and access.
5. Monitoring and prevention – Scan the environment on an ongoing basis to identify both non-compliant activity (e.g., mishandled PHI) and growth of stale/junk data and take action to address.

Although this post has been high level, hopefully it’s shown you how information management can contribute to traditional cybersecurity activities. 

At many firms, the two functions cooperate very closely, and in some cases join forces under the same roof. And given how much attention, resources and dollars cybersecurity gets these days, this is a very good thing for information management, which often doesn't get this level of support. 

Learn how you can join our contributor community.