Friday, October 26, 2007

Interdepartmental Coordination Key to Effective Data Security Breach Prevention

Two recent reports illustrate the importance of coordination of security measures among various internal functions. A recently released security intelligence report and survey by Microsoft revealed that the failure of various company functions to coordinate security efforts is a primary reason for mismanagement of data, and increases the odds of the occurrence of a data security breach. Microsoft article The survey found that the marketing function, the privacy function, and the security function all tend to think that the IT department is taking care of securing the company's data. Further, security and privacy functions depend on the marketing function to operate in a manner that protects sensitive data. The study found a direct relationship between the incidence of data security breaches and the extent of collaboration among departments. In those companies where there was good collaboration among departments, the incidence of a breach was only 29%, compared to 75% in those companies with poor collaboration. Two recently reported data security breaches by Home Depot Home Depot report and Iron Mountain Iron Mountain report also underscore the importance of various company functions working together to assure that security measures adopted are actually serving the desired purpose. Neither case involved infiltration of the companies' systems, but were the result of either lost or stolen laptop or backup disks. Both companies rushed to reassure potential victims that the data was password protected, and in the case of Home Depot, that it was encrypted. However, even though the IT departments in these cases has properly acted to institute such protections of customer and employee data, it is important to work with the legal function and other senior management to be certain that it is possible to prove that the stolen data in fact can't be tampered with. By working together, a company's collective expertise will provide the optimum protections against data security breaches.

No comments: