Access your Pro+ Content below.
Data Lifecycle Management Model Shows Risks and Integrated Data Flow
This article is part of the July/August 2008 issue of Information Security magazine
Information flows through business processes in an orderly fashion; security must flow right along with it. Today's chief information security officer, schooled by the Common Body of Knowledge for Information Security, CISSP and CISM handbooks, and reliant on frameworks such as ISO 27001, tackles security as a collection of individual issues rather than holistically. These time-tested resources don't necessarily help the CISO gain a grasp of the integrated flow of data and how to secure it. Enterprise executives don't think in silos; they look at business processes and flows. And this is how CISOs should examine data--as a lifecycle from birth to death, and as it resides within business processes. It is a business cycle to be reviewed, analyzed and contended with. Similar to an economic value-add analysis methodology, the data lifecycle security model (PDF below) shows how data is collected, classified, stored, used, retained and ultimately destroyed. It shows process, transition and a business flow. @exb Data Lifecycle CLICK ...