Data Discretion
Rimesh Patel CEng
What it means for Cyber Security?
For consumers it means they have better confidence that their business data has been considered to represent data privacy. For businesses it means they can better apply security controls during risk assessments as data is better categorised against actual business data sets, and for industry, it allows us to assess third party suppliers more granularly against data regulations.
In practice, the use of data discretion will let you better categorise for cyber solutions such as DLP, IAM, OWASP & WAF, SDLC and even DDOS. Historically you might have used all these solutions to monitor hardware and software compromises only, but now, the data layer of your ecosystem also needs monitoring. It has always been there, we just never had a need to strongly demonstrate how these solutions help with data monitoring, for example, for insurance purposes, how does your system guarantee that data remains within its applicable scope, what mechanisms do suppliers use to demonstrate data process is regulated for applicable laws.
It is only when you identify which data categories are applicable to your business processes can you then understand how the different technology abstract layers that you have will allow you to take your quantitative data so you can consider it like qualitative data by using relevant data attributes for predictive, interval, concept or heat mapping activities - at this point you can be sure that your selected cyber security control frameworks are going to better serve you as you know where to implement control mechanisms to mitigate your technology risks which interact with all your data classes, sets and reference categories.
Our packages at SAIBER Ltd take into consideration techniques such as data discretion by design already, so you can feel assured your data journey is aligned to your cyber security controls on a granular level for your product design, devops engineering, micro-services, giving you data based security operations so you can reflect this with ease into your polices, governance structure to have the security posture you deserve.
#RUCyberReady
What does 2026 mean for Cyber Security?
What does 2025 mean for Cyber Security?
What does 2024 mean for Cyber Security?
Securmeo & Cyberette
What does 2023 mean for Cyber Security?
What does 2022 mean for Cyber Security?
What it means for Cyber Security ?
Empower your customers and partners, by not being their digital weakest link.
What to expect in 2021 for digital ecosystems.
For your customer it means they feel safe and confident that your products or services are less likely to get caught out by the trending hack in the news. For your business, it means you are not the weakest link in the supply chain, and for industry, you can interact with others who also demonstrate good governance a chosen threat and vulnerability management framework. A vulnerability management framework has to consider assets, inherent risks and frequency of threats, including; Secure Development Life Cycle Programme User Acceptance Testing & Penetration Testing Risk Remediation & Ownership Resilience Services Patch Scheduling A vulnerability management programme will unite the above into one programme that will increase your security posture. If you are dependent on your online internet facing servers, laptops or devices, then having a dedicate resource is recommended, you can also look at outsourcing repeatable activities, however assessing each risk should have final sign-off from internal leads only. Internal risk postures are constantly moving as are external ones, so making the assessment on how actual attack vectors are going to effect your core business activities is best done internally as the vulnerability categories for risk remediation is only understood by you - including how they effect your security policy. You might have a vulnerability management policy, especially if you are risk appetite is low or your core business interacts with regulated products like heath devices, smart vehicles, utility services or any critical service. Having a dedicated policy will let you validate you have selected the right framework to make assessments of each vulnerability and making sure old vulnerability patterns are not repeated. A good vulnerability management programme will make sure you own your risk and have the right security controls in place, even if you use compensatory controls, they too will be in scope for vulnerability tests, so you must know how your resilience frameworks take effect if those controls fails. SAIBER Ltd's Vendor Neutral Vulnerability Management package will let you execute vulnerability management efficiently by empowering your resources will the correct mechanisms that consider all the above, including technical assessments. #RUCyberReady