Data Protection and Information Security Hierarchies – IWCO Direct

When It Comes to Data Protection, Companies Must Structure and Control Access

John Sobieck

At IWCO Direct, we have a great responsibility to protect our clients’ information assets. In fact, this responsibility is a key driver of everything our security team does, from achieving certifications to ensuring we have the right security policies in place. While IWCO Direct is certainly concerned with protecting our own information, many of our security initiatives are driven by the ever-evolving requirements of our clients. When they get better, we get better.

The first step in protecting an organization’s assets is to identify them, assess any risks to their security, and define appropriate protection controls and responsibilities. An asset is anything that has measurable value to the organization, though that value is not necessarily monetary. Assets can include information, software, equipment, services, people, and even reputation.

Sorting, Securing, Protecting, Updating, and Managing Information

Security professionals use two general toolkits to determine information access: Asset Management (which covers classification, definition, and handling of information) and Access Control (which can limit information access to need-to-know parties). Communication is the basis that ties these disciplines together, helping us sort information before deciding who needs to access it.

An information classification hierarchy structures access to data based on its criticality and importance. Think about how government agencies classify data from “unclassified” to “classified” to “top secret”: the general idea is to be able to identify which assets represent no risk and are suitable for sharing with the public, which assets should be kept internal, and which assets require the strictest protection with the least access given.

A great foundation for maintaining tight, up-to-date information access and protecting data in any organization is the principle of “least privilege,” which means providing only the minimum access necessary to complete a required task. According to least privilege, access must be generally forbidden unless expressly permitted. In business terms, this means giving employees only the information they need to do their jobs.

As complementary strategies, hierarchies and the principle of least privilege ensure that security teams can maintain structures with minimal gaps and maximum flexibility based on periodic entitlement reviews. These reviews help us support the philosophy of least privilege and enhance our data protection efforts by confirming that people or parties who don’t need certain information aren’t authorized to access it. Conversely, they help us make sure that any access an individual does have is still needed.

Is Your Marketing Partner Taking Data Protection Seriously?

If any of this information makes you curious about your marketing partner’s data protection policies, ask them to define how seriously they take the protection of your data. Do they have an information classification scheme? If they do, do they consider your data worthy of the highest classification and the strongest protection? If so, challenge them to demonstrate it. Where, how, and why is your data stored? Do only necessary individuals have access to it, supporting the principle of least privilege?

At IWCO Direct, our clients’ data is considered the most important information to protect. In a time of major data breaches and mishandled information, our clients’ data security is in the spotlight—and with the help of strong structures and processes, we stay prepared to protect it.

link https://www.iwco.com/blog/2018/05/30/data-protection-access-control/
Author

John Sobieck

Security Analyst with a BFA from Bemidji State University. Believes great work is accomplished by great teams and integrates that belief into everything he does at IWCO Direct. When not focused on data security or practicing Tae Kwon Do, this born traveler can be found exploring Minnesota’s North Shore.
