Access "Information security spending shouldn't be driven by compliance"
This article is part of the June 2010 issue of Finding affordable encryption options for laptop data security
Do you know what your company's data is worth? I'd like to think you do, otherwise, how can you appropriately allocate security resources to keep that data safe? Chances are, however, you don't know. Otherwise, you wouldn't be spending as much on compliance as you are. Compliance-driven security is being forced upon most of you, and it's an approach that's totally contrary to what you should be doing. If data is indeed king, why aren't you following a data-centric approach to security? A recent RSA/Microsoft/Forrester Research report called "The Value of Corporate Secrets" tried its best to put a value on the data your company either produces--in the form of intellectual property or trade secrets--or collects from customers and partners. Their conclusion: Regulatory pressures force companies to spend close to half of their security budgets on compliance-driven security projects. The problem is that the report estimates that proprietary secrets are twice as valuable as custodial data. From the report: "Secrets comprise 62% of the overall information ... Access >>>
Premium Content for Free.
Cloud computing risks and how to manage them
by Tim Mather
Cloud computing alters enterprise risk. Here's what you need to know in order to safely navigate the cloud.
Use full disk or file/folder encryption for laptop data security
by Dave Shackleford
Learn about the options for protecting laptop data, including full disk encryption and file/folder encryption, and their associated deployment and management challenges.
- Cloud computing risks and how to manage them by Tim Mather
Symantec acquisitions cement encryption-as-a-feature
Symantec acquisitions of PGP and Guardian Edge future ensures that encryption is becoming less of a standalone security tool.
Demystifying governance, risk and compliance
by David Schneier
GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.
- Symantec acquisitions cement encryption-as-a-feature
Don't keep quiet after a data security breach
by Kim Getgen and Kimberly Kiefer Peretti
Organizations who stay silent after a data security breach end up paying a higher price and helping cybercriminals.
Weighing the risk of hiring hackers
Bruce Schneier and Marcus Ranum debate the risks associated with hiring hackers.
Information security spending shouldn't be driven by compliance
If you're spending more to protect custodial data because of compliance than you are to protect company secrets, you're missing the big picture.
- Don't keep quiet after a data security breach by Kim Getgen and Kimberly Kiefer Peretti
More Premium Content Accessible For Free
For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...