Data Risk Management is a business-focused approach to understanding the risks inherent in data usage. It helps us answer questions such as:
- What usage presents the most risk?
- What data needs better protection?
- What is the impact of loss?
- Who is using my data?
- Are we focusing our resources in the right place?
Risks related to loss or manipulation of data are at an all-time high, and the impact of those types of events is staggering, not only in the big-picture view but also for individual companies. It is because of these concerns that company boards and high-level leadership are paying so much attention to cybersecurity risks. One recent survey notes 82% of boards are concerned about cybersecurity.
Indeed, the companies and individuals we work with don't typically question the cybersecurity risks present in their environments, but they do grapple with the best approach to defending themselves. Over the last several years, many of the individuals responsible for information security, as well as the vendors that support them, have increasingly focused their attention on monitoring and detection of attacks. This focus is critical to minimizing the impact of events.
Successful monitoring and detection of attacks in progress is helping organizations focus their security operations and incident response efforts. In the same way, Data Risk Management is an approach to detecting the most important situations that lead to or enable risks in the first place. It brings together intelligence about business processes, the usage and storage of data, and aspects of data such as classification and compliance association into an aggregate view of what is most important to a company. That aggregate set of information can be used to help detect where the highest risks exist in relation to preventative controls or vulnerabilities in the related environments.
Data Risk Management as a process can help organizations choose more accurately where to apply their focus and their limited resources. It provides justification for programs, capital expenditures, and assignment of resources. Data risk management also helps to support decisions to apply technology and other controls, because a clear line can be drawn between a need to secure and the missing pieces required to do so.