Datasheet
Chapter 1: Defining Data Loss
✓ Identify issues that may cause loss of information confidentiality,
integrity, or availability
✓ Provide management with appropriate strategies and controls for the
management of information assets.
Although getting this juggernaut underway looks like a daunting process, it
isn’t rocket science. You can start with simple procedures — say, to start
reining in the security of end-user laptops and desktops — or researching
and listing best practices for protecting restricted data, or perhaps
working out what your organization considers restricted data. The problem, in a
hectic, 24/7 world, is that you have to make time for all this — and if you’re in
IT, senior management may be struggling to understand why you exist at all if
you aren’t directly generating income.
Actually you’re protecting income. Here are some reasons why:
✓ Although IT professionals agree with consumers about the severity of
data-leakage incidents, they may underestimate their frequency.
✓ IT professionals expect IT incidents to occur about once a month; if the
preceding point is correct, then these events probably happen more
than once a month.
✓ Work-process issues cause 53 percent of IT incidents — most often
because no process is in place to manage the incident.
✓ IT risk management is more than a defensive exercise — it identifies
trade-offs among risks, costs, and controls for confident, risk-aware
pursuit of opportunities. (Hint: Opportunities generate income.)
From a career-enhancement perspective, all this is great news. You have no
doubt heard of the CIO (Chief Information Officer), but new roles are being
created, such as the CISO (Chief Information Security Officer) and CIRO
(Chief Information Risk Officer). These roles are becoming prevalent in large
companies; before long, they’ll make it into smaller ones. If you’re the person
who understands the problem and can fix it, then it may be time to
recommend that your company needs a CISO or CIRO — and you know just the right
person for the job: You. Just do your homework first. (But you knew that.)
Electronic records — incoming!
There’s an information tsunami on the horizon. CIOs in 2009 are under
increased pressure to deliver business growth, but complexity and tight
budgets are still the enemy. But if one of your basic assets is at risk, it makes just
as much sense to focus on data storage and data security — you’ve got to










