SlideShare ist ein Scribd-Unternehmen logo

Taming the data demons: leveraging information in the age of risk white paper

IBM India Smarter Computing
IBM India Smarter Computing

There is no getting around it, if a business today loses accessto its data, it is soon out of business. There are many reasonswhy an organization could find its access to reliable, securedata compromised—everything from a missing laptop to acorporate merger to a hurricane (see Figure 1). Then there are the legal and compliance requirements. In fact, many organizations that never previously considered themselves tobe potential targets for hackers, or maintainers of sensitivecustomer data, now find themselves every bit as responsiblefor compliance as banks, hospitals and other traditional sub-jects of compliance regulations.

BusinessWirtschaft & Finanzen
1 von 12
Downloaden Sie, um offline zu lesen
IBM Global Technology Services September 2010 Thought Leadership White Paper Taming the data demons: leveraging information in the age of risk
2 Taming the data demons: leveraging information in the age of risk Contents identify these downside risks ahead of time, accurately evaluat- ing their effect on the business, and putting processes and 2 Introduction safeguards in place to mitigate them. This is true of every type 3 Data risk management defined of risk an organization faces—business-driven, event-driven and, especially, data-driven risk. 4 Meeting the unrealized need With data being the new world currency, and the cost of 4 Yesterday’s data risk management—saying “no” maintaining and protecting that data running exponentially 5 Today’s data risk management—saying “yes” higher than the cost to capture it in the first place, data risk management is assuming a new importance among IT and 5 It starts with governance line-of-business executives alike. 6 The trouble with silos It may not be enough, however, to simply assign data risk 6 The shortest distance between data and its safety management a new level of importance. A new point-of-view 7 Data on the move may be required, as well. A holistic point-of-view that makes data risk management an integral part of both enterprise- 9 Holistic has its benefits wide data polices and business strategies. A point-of-view that has the potential to deliver lower cost, faster return on 9 IBM can help investment, better compliance and a more flexible and resilient 12 For more information organization. Introduction This white paper explores the framework and advantages of a holistic approach to data risk management, and provides both Innovative companies understand that risk is essential to IT and line-of-business executives with the “why” and “how” growing a business. Every initiative that has the potential to to begin putting a holistic data risk management program to break new ground, open up new markets or extend a competi- work in organizations large and small. tive advantage also has a potential downside. The key is to
IBM Global Technology Service 3 Data risk management defined organizations that never previously considered themselves to There is no getting around it, if a business today loses access be potential targets for hackers, or maintainers of sensitive to its data, it is soon out of business. There are many reasons customer data, now find themselves every bit as responsible why an organization could find its access to reliable, secure for compliance as banks, hospitals and other traditional sub- data compromised—everything from a missing laptop to a jects of compliance regulations. corporate merger to a hurricane (see Figure 1). Then there are the legal and compliance requirements. In fact, many IT security 78% Hardware and system malfunction 63% Power failure 50% Physical security 40% Theft 28% Product quality issues 25% Federal compliance issues 22% Natural disaster 17% E-discovery requests 13% Supply chain breakdown 11% Terrorism activity 6% Source: 2010 IBM Global IT Risk Study Figure 1: Today’s organizations face a wide range of risk issues, almost all of which have an impact on that organization’s data.
4 Taming the data demons: leveraging information in the age of risk It is more important than ever that data Many organizations simply do not realize the positive role data risk management can play in their efforts to make cost- risk management processes be part of an and business-effective use of their data. Efficient data risk integrated whole. management not only leverages IT’s enterprise-wide view of the business and its data to create a more complete picture of Data risk management provides the methodology by which all the data, its value and its risk issues—it can bring to light new, data risks—internal and external, IT- and business-related— more responsible, more profitable ways of capturing, storing are identified, qualified, avoided, accepted, mitigated or and delivering that data for business advantage. transferred out. In today’s global marketplace, where multiple locations and a blend of in-house and vendor solutions must Most organizations do not realize the posi- work together instantly and seamlessly, it is more important than ever that an organization’s data risk management tive role data risk management can play in processes and procedures be part of a coordinated and well- their business strategies. thought-out whole. In this way, the complete risk picture of every type of data an organization possesses can be accurately Yesterday’s data risk management— assessed over its entire lifespan; negative risks can be mitigated and positive risks can be leveraged for business gain. saying “no” Up to now, most organizations’ approach to data risk manage- ment has been reactive. Focus has been on negative risks such Meeting the unrealized need as hacking, theft and data system failure. The response has Data is not just growing, it is exploding. According to IDC, been to say “no”—to severely limit access to data, build hefty organizations are facing, on average, 50 to 60 percent average firewalls and deal with each new threat as it is exposed, often data growth.1 And for every $1 spent creating data, another at great expense to both the data systems and the business. $10 to $12 may be required to manage that data. With all this data, and all this money being spent on creating and maintain- ing it, it only makes smart business sense to strive for maxi- No one in the organization may have an mum return for that money. Not to mention reducing the cost accurate picture of data’s business value. wherever possible.
IBM Global Technology Service 5 Mitigating negative risk is important, but risk avoidance is Holistic data risk management is about only one half of robust data risk management. Unlocking the opportunity inherent in positive risk is the other half. saying a protected and measured “yes.” Unfortunately, positive risk is hard to see behind the silos. Data risks have been traditionally compartmentalized into silo It starts with governance categories such as availability, access security and disaster Governance is where holistic data risk management begins, recovery. The data itself is also often compartmentalized by and what separates it from traditional, reactive risk manage- department and data type. What this means is that no one in ment. Good governance builds the data risk policies and the organization has a complete picture of where the data is, procedures into business systems and processes as they are how and when it is being used, and what its business value created and implemented—making data risk management truly is. As a result, most organizations’ data risk efforts are more robust while remaining virtually transparent to users simply reactive cost centers rather than proactive value inside and outside the organization. creators. Robust governance helps assure that there is Today’s data risk management— saying “yes” a proactive approach to current and future Truly effective, holistic data risk management is not primarily data risks. a data issue or a risk issue; it is a management issue. Holistic data risk management takes a business-oriented approach, Data risk governance is like a guidebook everyone refers to in looking first at the business processes, then at the related order to be sure they are all on the same page. It provides the data—assigning positive and negative risk evaluations based on policies, controls and operational guidelines that enable risk- use of the data across the organization and between the organ- responsible individuals throughout the organization to thor- ization and its customers, partners and vendors. Holistic data oughly and correctly assign risk type and severity to data and risk management is about saying a measured, protected and its related systems and processes and either leverage or miti- well-planned “yes” to new opportunities, new markets and gate that risk. new competitive postures.
6 Taming the data demons: leveraging information in the age of risk An effective data risk governance policy helps drive business Data silos are not the only ones that need to be addressed in a value through its ability to: good data risk management plan. There are also risk silos, such as availability, data security, access security and disaster ● Increase compliance and regulatory adherence recovery. In the 2010 IBM Global IT Risk Study, 47 percent ● Enhance business intelligence capabilities of the respondents reported that even risk planning itself hap- ● Facilitate alignment of IT data initiatives and business pens in silos. These risk silos have traditionally been consid- strategies, including management of business and IT growth ered distinct disciplines but now need to be brought together ● Improve ability to measure, monitor and improve business to give a more accurate and complete risk picture. performance ● Reduce complexity to help improve business flexibility and By breaking down the barriers that have traditionally defined accelerate strategic initiatives. data use, not to mention business processes and strategic planning, holistic data risk management can serve as both a The trouble with silos proving ground for more extensive organizational risk man- To drive up the value of data risk management initiatives, agement changes and a source of new inspiration for every- organizations have to drive out complexity—and that means thing from corporate structure to new products and services. silos. Getting rid of as many data silos as possible is a good first step. Some of those data silos are obvious, such as the The shortest distance between data and its safety data that is stored separately by each department and internal A straight line is, of course, the shortest distance between two versus externally created data. Some silos are not so obvious, points. The more often the lines that connect data to other such as those that separate structured data such as order forms data, people and places can be straightened, the more effi- and inventory tracking from unstructured data such as e-mails ciently data risk can be managed. One way to straighten and corporate correspondence. out—and optimize—data lines is by eliminating redundancy. The more often the same data is repeated throughout an organization’s systems, the greater the risk that it can become Data silos are not the only barriers that corrupted, accessed inappropriately or updated inconsistently. need to be eliminated in effective data risk management—consider business silos, even risk silos.
IBM Global Technology Service 7 Accurate, ongoing prioritization of data second state—data on the move—to add new access points that reflect the changing nature of the workplace and to pro- is crucial to effective, efficient data risk tect those access points from exploitation. management. Holistic data risk management addresses Prioritization is another important optimization technique. Without it, an organization has no way of knowing how the risk inherent in all data states—at rest, mission-critical any specific piece or type of data is. As a in motion and in use. result, many organizations seek to protect all data as if it were mission-critical, resulting in much higher-than-necessary risk Virtual private networks, remote access, smartphones, even management costs. Other organizations pursue lower costs by iPods have now become mainstream business tools, and assigning all data middle-of-the-road protection, leaving their technologies such as cloud computing are coming on quickly. truly critical data painfully exposed. When an organization Traditional data risk management, with its emphasis on assigns data a relative priority that is based on a thorough limiting access and locking down data, has simply locked understanding of what the data is, how and where it is used these technologies out. The 2010 IBM Global IT Risk Study and how it contributes to business goals and the organization’s revealed that 64 percent of respondents viewed social net- bottom line—such as happens within robust data risk working tools as extremely risky/risky, for example. The governance—the organization can be assured that it has problem with this approach is that as long as these technolo- adequately protected all its data in the most cost-and gies are being used, data is being created on them—data that resource-efficient manner. is residing outside the enterprise and its security and risk management protocols. Now is the time to welcome that Data on the move data, and the technologies that create and access it, into the Data is defined as being in one of three states: 1) at rest in organizational fold and take full advantage of the adaptability storage, 2) in motion in the network, 3) in use on the desktop, and flexibility the technologies provide. A holistically planned as illustrated in Figure 2. A good data risk management plan and implemented data risk management initiative can make addresses the risks inherent in all three states. A holistic data this possible. risk management plan takes a new and expanded look at the
8 Taming the data demons: leveraging information in the age of risk Measurement of a successful holistic data risk management program can go far beyond standard metrics. Data risk management standards and practices should: Define the scope of risk analysis. Identify the business activities, Data at Data in Data in ● initiatives and supporting technologies and infrastructure rest motion use elements that will be included in the data risk management effort. ● Identify and define risks. Map each business activity to poten- tial threats and the data that could be at risk. ● Assess the likelihood of risk occurrence and level of impact. Calculate the probability and severity of an actual breach Figure 2: An organization’s data exists in one of three states at any given from the scope of business activities, resulting in an overall time, with different risks inherent in each state. view of risk. ● Evaluate controls. Assess the quality of existing controls used Setting the standards to prevent, detect and mitigate risks, factoring in cost versus No good initiative is complete without establishing the means value provided. to measure its success. The same is true for a good data risk ● Assess risk and determine treatments and responses. Review risks management plan. The benchmark measurements have not relative to risk appetite, then prioritize risk reduction activi- changed: service level agreements (SLAs) for availability and ties and select investments based on cost/benefit analysis. access; recovery time objectives (RTOs) and recovery point ● Implement risk reduction actions. Develop, test and implement objectives (RPOs) for disaster recovery; labor, systems and detailed plans for risk treatment. bandwidth costs for data access; application impact for ● Provide ongoing monitoring and feedback. Continually collect security. But there are other standards and practices, applica- data on threats, impacts and effectiveness of current risk ble to IT risk management in general and data risk manage- management process and adjust risk action plans and ment in particular, that need to be part of a holistic data risk processes accordingly. management plan. ● Address the positive side of risk. Provide a more complete risk picture by balancing the potential negative risk inherent in growth such as new offices, new servers and distributed data with the potential positives such as shortened time to market and improved customer acquisition, retention and service.
IBM Global Technology Service 9 Holistic has its benefits ● Heightened ability to win business and maintain existing The most immediate reasons to consider putting a holistic contracts/customers data risk management plan into action are the monetary ones. ● New capabilities to innovate and drive competitive solutions A holistic approach to data risk management can help trans- ● Easier assimilation of acquisitions and mergers form an organization’s risk-related activities from a cost center ● New responsiveness to customer requests and feedback to a value center by: ● New solutions to help grow market share. ● Delivering considerable savings over traditional data IBM can help risk management efforts—sometimes as much as 20 to IBM’s holistic view of data risk management—and the prod- 30 percent ucts and services that make that view a reality for our clients— ● Helping to avoid contractual, industry and regulatory is part of the IBM Security Framework, a combination of penalties model and methodology that is optimized to allow organiza- ● Creating and maintaining one set of processes, leading to tions to understand core business processes, the threats and reduced redundancies compared to traditional data risk vulnerabilities associated with the processes and the ability to management efforts make viable recommendations for the whole. ● Helping to enable new revenue streams ● Allowing for faster market rollout of new initiatives, prod- The IBM Security Framework encompasses: ucts and services. 1. People and identity 2. Data and information Potential benefits to holistic data risk man- 3. Application and process agement include faster time to market and 4. Network, server and endpoint a new responsiveness to customer requests. 5. Physical infrastructure. There are additional benefits to holistic data risk management that go beyond immediate cost savings. These can include: ● Smoother expansion into new markets ● The ability to take on new global partners safely and securely expand relationships with existing partners
10 Taming the data demons: leveraging information in the age of risk By placing its data risk management solution within this framework, an organization can be assured that an extensive IBM Security Framework knowledge of best practices, proven expertise and global reach have been fully leveraged for its benefit. The organization will also know that its data risk management solution has the abil- SECURITY GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE ity to fit together with other framework security solutions across the enterprise. PEOPLE AND IDENTITY Utilizing the IBM Security Framework, DATA AND INFORMATION organizations can implement holistic data risk management at the speed and scope APPLICATION AND PROCESS that matches their needs. NETWORK, SERVER AND END POINT Individual IBM data risk management solutions have been designed to help organizations qualify risk, forecast in a more PHYSICAL INFRASTRUCTURE proactive manner and establish controls to mitigate exposures. Using a highly modular approach, organizations can imple- ment the process areas that can help generate the greatest Common Policy, Event Handling and Reporting value today and then add others as needs change. Professional Managed Hardware services services and software IBM’s holistic approach to data risk management also includes access to extensive industry knowledge and industry-specific solutions that cover important data risk areas such as PCI compliance and remote data protection. Figure 3: The IBM Security Framework provides a risk model, methodol- ogy and links to a robust portfolio of data risk management solutions.
Notes
For more information If you and your organization would like to learn more about the holistic approach to data risk management, what this approach can do for your organization and how IBM can help you achieve its full benefits, please contact your IBM market- ing representative or IBM Business Partner, or visit the fol- © Copyright IBM Corporation 2010 lowing website: ibm.com/smarterplanet/security IBM Global Services Route 100 Somers, NY 10589 To obtain a copy of the 2010 IBM Global IT Risk Study, visit: U.S.A. ibm.com/services/riskstudy Produced in the United States of America September 2010 About the contributors All Rights Reserved Kavita Chavda, IBM Global Technology Services IBM, the IBM logo and ibm.com are trademarks of International Rich Cocchiara, IBM Business Continuity and Business Machines Corporation in the United States, other countries or Resiliency Services both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these Mark Ernest, IBM Global Technology Services symbols indicate U.S. registered or common law trademarks owned by John R. Foley, Jr., IBM Software Group IBM at the time this information was published. Such trademarks may Kristin Lovejoy, IBM Security Strategy also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and Perry Swenson, IBM Software Group trademark information” at ibm.com/legal/copytrade.shtml Richard Vining, IBM Software Group iPod is a trademark of Apple Inc., registered in the U.S. and other countries. Other company, product or service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. 1 MARKET ANALYSIS: Worldwide Data Protection and Recovery Software 2010 – 2014 Forecast: Cloud, Deduplication, and Virtualization Stabilize Market, Robert Amatruda, IDC, Doc. #24526, August 2010. Please Recycle RLW03001-USEN-00

Empfohlen

Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Laura Tibbo
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
EMC
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documents
e.law International
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
EMC
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & Protect
Mike McMillan
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
karlhennessy
 

Empfohlen

Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 DecXavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Xavier Marguinaud in Corporate Livewire Cyber Security Expert Guide 2017 Dec
Laura Tibbo
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
EMC
 
Secure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documentsSecure dataroom whitepaper_protecting_confidential_documents
Secure dataroom whitepaper_protecting_confidential_documents
e.law International
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
EMC
 
Prevent & Protect
Prevent & ProtectPrevent & Protect
Prevent & Protect
Mike McMillan
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
Outsourcing
OutsourcingOutsourcing
Outsourcing
karlhennessy
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRC
xmeteorite
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
Chad Korosec
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wp
tbeckwith
 
Information Security Shake-Up
Information Security Shake-Up Information Security Shake-Up
Information Security Shake-Up
EMC
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover Story
Torrid Networks Private Limited
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
IT Network marcus evans
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
Rogers Communications
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White Paper
NetIQ
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small Business
Valiant Technology
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data Backups
GFI Software
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
Luke Farrell
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk Webinar
FERMA
 
Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security Risks
Enterprise Security Risk Management
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information Security
Redspin, Inc.
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
balejandre
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
David Sweigert
 
infosec-it
infosec-itinfosec-it
infosec-it
Michael Trofi Jr. CISSP, CISM, CGEIT
 
Smarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM US
Smarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM USSmarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM US
Smarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM US
IBM Danmark
 
Conversations oneffectiveit management
Conversations oneffectiveit managementConversations oneffectiveit management
Conversations oneffectiveit management
Computer Aid, Inc
 
Financial Risk Management: Integrated Solutions to Help Financial Institution...
Financial Risk Management: Integrated Solutions to Help Financial Institution...Financial Risk Management: Integrated Solutions to Help Financial Institution...
Financial Risk Management: Integrated Solutions to Help Financial Institution...
IBM Banking
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
International Federation of Accountants
 

Weitere ähnliche Inhalte

Was ist angesagt?

200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
Chad Korosec
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
Luke Farrell
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
Conversations oneffectiveit management
Conversations oneffectiveit managementConversations oneffectiveit management
Conversations oneffectiveit management
Computer Aid, Inc
 

Was ist angesagt? (20)

SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRC
 
200606_NWC_Strategic Security
200606_NWC_Strategic Security200606_NWC_Strategic Security
200606_NWC_Strategic Security
 
Where Is Your Sensitive Data Wp
Where Is Your Sensitive Data WpWhere Is Your Sensitive Data Wp
Where Is Your Sensitive Data Wp
 
Information Security Shake-Up
Information Security Shake-Up Information Security Shake-Up
Information Security Shake-Up
 
Security Feature Cover Story
Security Feature Cover StorySecurity Feature Cover Story
Security Feature Cover Story
 
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
How Infosec Can Become a Business Enabler: Interview with: Dr Tim Redhead, Di...
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White Paper
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small Business
 
Understanding Data Backups
Understanding Data BackupsUnderstanding Data Backups
Understanding Data Backups
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
Executive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk WebinarExecutive Summary on the Cyber Risk Webinar
Executive Summary on the Cyber Risk Webinar
 
Convergence of Security Risks
Convergence of Security RisksConvergence of Security Risks
Convergence of Security Risks
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information Security
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
 
infosec-it
infosec-itinfosec-it
infosec-it
 
Smarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM US
Smarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM USSmarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM US
Smarter Analytics giver dig indsigt i hele forretningen, Rich Holada, IBM US
 
Conversations oneffectiveit management
Conversations oneffectiveit managementConversations oneffectiveit management
Conversations oneffectiveit management
 

Ähnlich wie Taming the data demons: leveraging information in the age of risk white paper

Financial Risk Management: Integrated Solutions to Help Financial Institution...
Financial Risk Management: Integrated Solutions to Help Financial Institution...Financial Risk Management: Integrated Solutions to Help Financial Institution...
Financial Risk Management: Integrated Solutions to Help Financial Institution...
IBM Banking
 
Cyber Management vfd
Cyber Management vfdCyber Management vfd
Cyber Management vfd
Ladd Muzzy
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
Daren Dunkel
 
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
LyndonPelletier761
 
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
herminaprocter
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
Rahul Tyagi
 
The evolving role of IT managers and CIOs
The evolving role of IT managers and CIOsThe evolving role of IT managers and CIOs
The evolving role of IT managers and CIOs
IBM Rational software
 
Risk Management
Risk ManagementRisk Management
Risk Management
robertgk00
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based security
Arun Gopinath
 

Ähnlich wie Taming the data demons: leveraging information in the age of risk white paper (20)

Financial Risk Management: Integrated Solutions to Help Financial Institution...
Financial Risk Management: Integrated Solutions to Help Financial Institution...Financial Risk Management: Integrated Solutions to Help Financial Institution...
Financial Risk Management: Integrated Solutions to Help Financial Institution...
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Cyber Management vfd
Cyber Management vfdCyber Management vfd
Cyber Management vfd
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
Getting Real About Security Management and “Big Data”
Getting Real About Security Management and “Big Data” Getting Real About Security Management and “Big Data”
Getting Real About Security Management and “Big Data”
 
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
 
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx130C h a p t e r10 Managing IT-Based Risk11 This c.docx
130C h a p t e r10 Managing IT-Based Risk11 This c.docx
 
Strategic Information Management Through Data Classification
Strategic Information Management Through Data ClassificationStrategic Information Management Through Data Classification
Strategic Information Management Through Data Classification
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
The evolving role of IT managers and CIOs
The evolving role of IT managers and CIOsThe evolving role of IT managers and CIOs
The evolving role of IT managers and CIOs
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
 
Secure by design
Secure by designSecure by design
Secure by design
 
Secure by design building id based security
Secure by design building id based securitySecure by design building id based security
Secure by design building id based security
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Enabling Embedded Business Continuity
Enabling Embedded Business ContinuityEnabling Embedded Business Continuity
Enabling Embedded Business Continuity
 

Mehr von IBM India Smarter Computing

Mehr von IBM India Smarter Computing (20)

Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments Using the IBM XIV Storage System in OpenStack Cloud Environments
Using the IBM XIV Storage System in OpenStack Cloud Environments
 
All-flash Needs End to End Storage Efficiency
All-flash Needs End to End Storage EfficiencyAll-flash Needs End to End Storage Efficiency
All-flash Needs End to End Storage Efficiency
 
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
TSL03104USEN Exploring VMware vSphere Storage API for Array Integration on th...
 
IBM FlashSystem 840 Product Guide
IBM FlashSystem 840 Product GuideIBM FlashSystem 840 Product Guide
IBM FlashSystem 840 Product Guide
 
IBM System x3250 M5
IBM System x3250 M5IBM System x3250 M5
IBM System x3250 M5
 
IBM NeXtScale nx360 M4
IBM NeXtScale nx360 M4IBM NeXtScale nx360 M4
IBM NeXtScale nx360 M4
 
IBM System x3650 M4 HD
IBM System x3650 M4 HDIBM System x3650 M4 HD
IBM System x3650 M4 HD
 
IBM System x3300 M4
IBM System x3300 M4IBM System x3300 M4
IBM System x3300 M4
 
IBM System x iDataPlex dx360 M4
IBM System x iDataPlex dx360 M4IBM System x iDataPlex dx360 M4
IBM System x iDataPlex dx360 M4
 
IBM System x3500 M4
IBM System x3500 M4IBM System x3500 M4
IBM System x3500 M4
 
IBM System x3550 M4
IBM System x3550 M4IBM System x3550 M4
IBM System x3550 M4
 
IBM System x3650 M4
IBM System x3650 M4IBM System x3650 M4
IBM System x3650 M4
 
IBM System x3500 M3
IBM System x3500 M3IBM System x3500 M3
IBM System x3500 M3
 
IBM System x3400 M3
IBM System x3400 M3IBM System x3400 M3
IBM System x3400 M3
 
IBM System x3250 M3
IBM System x3250 M3IBM System x3250 M3
IBM System x3250 M3
 
IBM System x3200 M3
IBM System x3200 M3IBM System x3200 M3
IBM System x3200 M3
 
IBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and ConfigurationIBM PowerVC Introduction and Configuration
IBM PowerVC Introduction and Configuration
 
A Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization PerformanceA Comparison of PowerVM and Vmware Virtualization Performance
A Comparison of PowerVM and Vmware Virtualization Performance
 
IBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architectureIBM pureflex system and vmware vcloud enterprise suite reference architecture
IBM pureflex system and vmware vcloud enterprise suite reference architecture
 
X6: The sixth generation of EXA Technology
X6: The sixth generation of EXA TechnologyX6: The sixth generation of EXA Technology
X6: The sixth generation of EXA Technology
 

Kürzlich hochgeladen

👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
dlhescort
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Damini Dixit
 

Kürzlich hochgeladen (20)

👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 

Taming the data demons: leveraging information in the age of risk white paper

  • 1. IBM Global Technology Services September 2010 Thought Leadership White Paper Taming the data demons: leveraging information in the age of risk
  • 2. 2 Taming the data demons: leveraging information in the age of risk Contents identify these downside risks ahead of time, accurately evaluat- ing their effect on the business, and putting processes and 2 Introduction safeguards in place to mitigate them. This is true of every type 3 Data risk management defined of risk an organization faces—business-driven, event-driven and, especially, data-driven risk. 4 Meeting the unrealized need With data being the new world currency, and the cost of 4 Yesterday’s data risk management—saying “no” maintaining and protecting that data running exponentially 5 Today’s data risk management—saying “yes” higher than the cost to capture it in the first place, data risk management is assuming a new importance among IT and 5 It starts with governance line-of-business executives alike. 6 The trouble with silos It may not be enough, however, to simply assign data risk 6 The shortest distance between data and its safety management a new level of importance. A new point-of-view 7 Data on the move may be required, as well. A holistic point-of-view that makes data risk management an integral part of both enterprise- 9 Holistic has its benefits wide data polices and business strategies. A point-of-view that has the potential to deliver lower cost, faster return on 9 IBM can help investment, better compliance and a more flexible and resilient 12 For more information organization. Introduction This white paper explores the framework and advantages of a holistic approach to data risk management, and provides both Innovative companies understand that risk is essential to IT and line-of-business executives with the “why” and “how” growing a business. Every initiative that has the potential to to begin putting a holistic data risk management program to break new ground, open up new markets or extend a competi- work in organizations large and small. tive advantage also has a potential downside. The key is to
  • 3. IBM Global Technology Service 3 Data risk management defined organizations that never previously considered themselves to There is no getting around it, if a business today loses access be potential targets for hackers, or maintainers of sensitive to its data, it is soon out of business. There are many reasons customer data, now find themselves every bit as responsible why an organization could find its access to reliable, secure for compliance as banks, hospitals and other traditional sub- data compromised—everything from a missing laptop to a jects of compliance regulations. corporate merger to a hurricane (see Figure 1). Then there are the legal and compliance requirements. In fact, many IT security 78% Hardware and system malfunction 63% Power failure 50% Physical security 40% Theft 28% Product quality issues 25% Federal compliance issues 22% Natural disaster 17% E-discovery requests 13% Supply chain breakdown 11% Terrorism activity 6% Source: 2010 IBM Global IT Risk Study Figure 1: Today’s organizations face a wide range of risk issues, almost all of which have an impact on that organization’s data.
  • 4. 4 Taming the data demons: leveraging information in the age of risk It is more important than ever that data Many organizations simply do not realize the positive role data risk management can play in their efforts to make cost- risk management processes be part of an and business-effective use of their data. Efficient data risk integrated whole. management not only leverages IT’s enterprise-wide view of the business and its data to create a more complete picture of Data risk management provides the methodology by which all the data, its value and its risk issues—it can bring to light new, data risks—internal and external, IT- and business-related— more responsible, more profitable ways of capturing, storing are identified, qualified, avoided, accepted, mitigated or and delivering that data for business advantage. transferred out. In today’s global marketplace, where multiple locations and a blend of in-house and vendor solutions must Most organizations do not realize the posi- work together instantly and seamlessly, it is more important than ever that an organization’s data risk management tive role data risk management can play in processes and procedures be part of a coordinated and well- their business strategies. thought-out whole. In this way, the complete risk picture of every type of data an organization possesses can be accurately Yesterday’s data risk management— assessed over its entire lifespan; negative risks can be mitigated and positive risks can be leveraged for business gain. saying “no” Up to now, most organizations’ approach to data risk manage- ment has been reactive. Focus has been on negative risks such Meeting the unrealized need as hacking, theft and data system failure. The response has Data is not just growing, it is exploding. According to IDC, been to say “no”—to severely limit access to data, build hefty organizations are facing, on average, 50 to 60 percent average firewalls and deal with each new threat as it is exposed, often data growth.1 And for every $1 spent creating data, another at great expense to both the data systems and the business. $10 to $12 may be required to manage that data. With all this data, and all this money being spent on creating and maintain- ing it, it only makes smart business sense to strive for maxi- No one in the organization may have an mum return for that money. Not to mention reducing the cost accurate picture of data’s business value. wherever possible.
  • 5. IBM Global Technology Service 5 Mitigating negative risk is important, but risk avoidance is Holistic data risk management is about only one half of robust data risk management. Unlocking the opportunity inherent in positive risk is the other half. saying a protected and measured “yes.” Unfortunately, positive risk is hard to see behind the silos. Data risks have been traditionally compartmentalized into silo It starts with governance categories such as availability, access security and disaster Governance is where holistic data risk management begins, recovery. The data itself is also often compartmentalized by and what separates it from traditional, reactive risk manage- department and data type. What this means is that no one in ment. Good governance builds the data risk policies and the organization has a complete picture of where the data is, procedures into business systems and processes as they are how and when it is being used, and what its business value created and implemented—making data risk management truly is. As a result, most organizations’ data risk efforts are more robust while remaining virtually transparent to users simply reactive cost centers rather than proactive value inside and outside the organization. creators. Robust governance helps assure that there is Today’s data risk management— saying “yes” a proactive approach to current and future Truly effective, holistic data risk management is not primarily data risks. a data issue or a risk issue; it is a management issue. Holistic data risk management takes a business-oriented approach, Data risk governance is like a guidebook everyone refers to in looking first at the business processes, then at the related order to be sure they are all on the same page. It provides the data—assigning positive and negative risk evaluations based on policies, controls and operational guidelines that enable risk- use of the data across the organization and between the organ- responsible individuals throughout the organization to thor- ization and its customers, partners and vendors. Holistic data oughly and correctly assign risk type and severity to data and risk management is about saying a measured, protected and its related systems and processes and either leverage or miti- well-planned “yes” to new opportunities, new markets and gate that risk. new competitive postures.
  • 6. 6 Taming the data demons: leveraging information in the age of risk An effective data risk governance policy helps drive business Data silos are not the only ones that need to be addressed in a value through its ability to: good data risk management plan. There are also risk silos, such as availability, data security, access security and disaster ● Increase compliance and regulatory adherence recovery. In the 2010 IBM Global IT Risk Study, 47 percent ● Enhance business intelligence capabilities of the respondents reported that even risk planning itself hap- ● Facilitate alignment of IT data initiatives and business pens in silos. These risk silos have traditionally been consid- strategies, including management of business and IT growth ered distinct disciplines but now need to be brought together ● Improve ability to measure, monitor and improve business to give a more accurate and complete risk picture. performance ● Reduce complexity to help improve business flexibility and By breaking down the barriers that have traditionally defined accelerate strategic initiatives. data use, not to mention business processes and strategic planning, holistic data risk management can serve as both a The trouble with silos proving ground for more extensive organizational risk man- To drive up the value of data risk management initiatives, agement changes and a source of new inspiration for every- organizations have to drive out complexity—and that means thing from corporate structure to new products and services. silos. Getting rid of as many data silos as possible is a good first step. Some of those data silos are obvious, such as the The shortest distance between data and its safety data that is stored separately by each department and internal A straight line is, of course, the shortest distance between two versus externally created data. Some silos are not so obvious, points. The more often the lines that connect data to other such as those that separate structured data such as order forms data, people and places can be straightened, the more effi- and inventory tracking from unstructured data such as e-mails ciently data risk can be managed. One way to straighten and corporate correspondence. out—and optimize—data lines is by eliminating redundancy. The more often the same data is repeated throughout an organization’s systems, the greater the risk that it can become Data silos are not the only barriers that corrupted, accessed inappropriately or updated inconsistently. need to be eliminated in effective data risk management—consider business silos, even risk silos.
  • 7. IBM Global Technology Service 7 Accurate, ongoing prioritization of data second state—data on the move—to add new access points that reflect the changing nature of the workplace and to pro- is crucial to effective, efficient data risk tect those access points from exploitation. management. Holistic data risk management addresses Prioritization is another important optimization technique. Without it, an organization has no way of knowing how the risk inherent in all data states—at rest, mission-critical any specific piece or type of data is. As a in motion and in use. result, many organizations seek to protect all data as if it were mission-critical, resulting in much higher-than-necessary risk Virtual private networks, remote access, smartphones, even management costs. Other organizations pursue lower costs by iPods have now become mainstream business tools, and assigning all data middle-of-the-road protection, leaving their technologies such as cloud computing are coming on quickly. truly critical data painfully exposed. When an organization Traditional data risk management, with its emphasis on assigns data a relative priority that is based on a thorough limiting access and locking down data, has simply locked understanding of what the data is, how and where it is used these technologies out. The 2010 IBM Global IT Risk Study and how it contributes to business goals and the organization’s revealed that 64 percent of respondents viewed social net- bottom line—such as happens within robust data risk working tools as extremely risky/risky, for example. The governance—the organization can be assured that it has problem with this approach is that as long as these technolo- adequately protected all its data in the most cost-and gies are being used, data is being created on them—data that resource-efficient manner. is residing outside the enterprise and its security and risk management protocols. Now is the time to welcome that Data on the move data, and the technologies that create and access it, into the Data is defined as being in one of three states: 1) at rest in organizational fold and take full advantage of the adaptability storage, 2) in motion in the network, 3) in use on the desktop, and flexibility the technologies provide. A holistically planned as illustrated in Figure 2. A good data risk management plan and implemented data risk management initiative can make addresses the risks inherent in all three states. A holistic data this possible. risk management plan takes a new and expanded look at the
  • 8. 8 Taming the data demons: leveraging information in the age of risk Measurement of a successful holistic data risk management program can go far beyond standard metrics. Data risk management standards and practices should: Define the scope of risk analysis. Identify the business activities, Data at Data in Data in ● initiatives and supporting technologies and infrastructure rest motion use elements that will be included in the data risk management effort. ● Identify and define risks. Map each business activity to poten- tial threats and the data that could be at risk. ● Assess the likelihood of risk occurrence and level of impact. Calculate the probability and severity of an actual breach Figure 2: An organization’s data exists in one of three states at any given from the scope of business activities, resulting in an overall time, with different risks inherent in each state. view of risk. ● Evaluate controls. Assess the quality of existing controls used Setting the standards to prevent, detect and mitigate risks, factoring in cost versus No good initiative is complete without establishing the means value provided. to measure its success. The same is true for a good data risk ● Assess risk and determine treatments and responses. Review risks management plan. The benchmark measurements have not relative to risk appetite, then prioritize risk reduction activi- changed: service level agreements (SLAs) for availability and ties and select investments based on cost/benefit analysis. access; recovery time objectives (RTOs) and recovery point ● Implement risk reduction actions. Develop, test and implement objectives (RPOs) for disaster recovery; labor, systems and detailed plans for risk treatment. bandwidth costs for data access; application impact for ● Provide ongoing monitoring and feedback. Continually collect security. But there are other standards and practices, applica- data on threats, impacts and effectiveness of current risk ble to IT risk management in general and data risk manage- management process and adjust risk action plans and ment in particular, that need to be part of a holistic data risk processes accordingly. management plan. ● Address the positive side of risk. Provide a more complete risk picture by balancing the potential negative risk inherent in growth such as new offices, new servers and distributed data with the potential positives such as shortened time to market and improved customer acquisition, retention and service.
  • 9. IBM Global Technology Service 9 Holistic has its benefits ● Heightened ability to win business and maintain existing The most immediate reasons to consider putting a holistic contracts/customers data risk management plan into action are the monetary ones. ● New capabilities to innovate and drive competitive solutions A holistic approach to data risk management can help trans- ● Easier assimilation of acquisitions and mergers form an organization’s risk-related activities from a cost center ● New responsiveness to customer requests and feedback to a value center by: ● New solutions to help grow market share. ● Delivering considerable savings over traditional data IBM can help risk management efforts—sometimes as much as 20 to IBM’s holistic view of data risk management—and the prod- 30 percent ucts and services that make that view a reality for our clients— ● Helping to avoid contractual, industry and regulatory is part of the IBM Security Framework, a combination of penalties model and methodology that is optimized to allow organiza- ● Creating and maintaining one set of processes, leading to tions to understand core business processes, the threats and reduced redundancies compared to traditional data risk vulnerabilities associated with the processes and the ability to management efforts make viable recommendations for the whole. ● Helping to enable new revenue streams ● Allowing for faster market rollout of new initiatives, prod- The IBM Security Framework encompasses: ucts and services. 1. People and identity 2. Data and information Potential benefits to holistic data risk man- 3. Application and process agement include faster time to market and 4. Network, server and endpoint a new responsiveness to customer requests. 5. Physical infrastructure. There are additional benefits to holistic data risk management that go beyond immediate cost savings. These can include: ● Smoother expansion into new markets ● The ability to take on new global partners safely and securely expand relationships with existing partners
  • 10. 10 Taming the data demons: leveraging information in the age of risk By placing its data risk management solution within this framework, an organization can be assured that an extensive IBM Security Framework knowledge of best practices, proven expertise and global reach have been fully leveraged for its benefit. The organization will also know that its data risk management solution has the abil- SECURITY GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE ity to fit together with other framework security solutions across the enterprise. PEOPLE AND IDENTITY Utilizing the IBM Security Framework, DATA AND INFORMATION organizations can implement holistic data risk management at the speed and scope APPLICATION AND PROCESS that matches their needs. NETWORK, SERVER AND END POINT Individual IBM data risk management solutions have been designed to help organizations qualify risk, forecast in a more PHYSICAL INFRASTRUCTURE proactive manner and establish controls to mitigate exposures. Using a highly modular approach, organizations can imple- ment the process areas that can help generate the greatest Common Policy, Event Handling and Reporting value today and then add others as needs change. Professional Managed Hardware services services and software IBM’s holistic approach to data risk management also includes access to extensive industry knowledge and industry-specific solutions that cover important data risk areas such as PCI compliance and remote data protection. Figure 3: The IBM Security Framework provides a risk model, methodol- ogy and links to a robust portfolio of data risk management solutions.
  • 11. Notes
  • 12. For more information If you and your organization would like to learn more about the holistic approach to data risk management, what this approach can do for your organization and how IBM can help you achieve its full benefits, please contact your IBM market- ing representative or IBM Business Partner, or visit the fol- © Copyright IBM Corporation 2010 lowing website: ibm.com/smarterplanet/security IBM Global Services Route 100 Somers, NY 10589 To obtain a copy of the 2010 IBM Global IT Risk Study, visit: U.S.A. ibm.com/services/riskstudy Produced in the United States of America September 2010 About the contributors All Rights Reserved Kavita Chavda, IBM Global Technology Services IBM, the IBM logo and ibm.com are trademarks of International Rich Cocchiara, IBM Business Continuity and Business Machines Corporation in the United States, other countries or Resiliency Services both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these Mark Ernest, IBM Global Technology Services symbols indicate U.S. registered or common law trademarks owned by John R. Foley, Jr., IBM Software Group IBM at the time this information was published. Such trademarks may Kristin Lovejoy, IBM Security Strategy also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and Perry Swenson, IBM Software Group trademark information” at ibm.com/legal/copytrade.shtml Richard Vining, IBM Software Group iPod is a trademark of Apple Inc., registered in the U.S. and other countries. Other company, product or service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. 1 MARKET ANALYSIS: Worldwide Data Protection and Recovery Software 2010 – 2014 Forecast: Cloud, Deduplication, and Virtualization Stabilize Market, Robert Amatruda, IDC, Doc. #24526, August 2010. Please Recycle RLW03001-USEN-00