"Information security is in the stage of transformation and requires that right nourishment and nurture, which will develop it, into a fullfledged entity"
Simple measures to veer threats for securing data
Information security is now a growing child which has transformed itself from its infant stage. Just as, when a child grows, enters adolescence and matures, it comes across many new surprises, faces a lot of hurdles, evolves from those trials and turbulences and finds a way out to turn into a complete personality. Similarly, information security is in this stage of transformation and requires that right nourishment and nurture, which will develop it, into a full- ledged entity. The hurdles, trials and turbulences that are encountered in its way, are the sense of insecurity that has been brought in or created today by the surprising innovations and concepts like cloud computing, mobile devices or mobile computing, big data, BYOD and social networking etc. The challenge is to counter the spikes of insecurity against data theft, data loss, data diddling, data misappropriation data sabotage etc., and then emerge successful. Finally, if you see, it is the data that needs to be protected, secured and sanitized in all these cases of innovation and concepts. It is the data that is targeted for any pecuniary benefit or extortion or felony or crime by the fraudsters/crackers/hackers/ hacktivists alike.
In information security, there is no one size that fits all, but each area mentioned above has to be handled separately to have effective control, protection, prevention, detection and correction against the impending threats and dangers to the data. Data protection is an art. Data can exist in two forms, one is static and other dynamic, that is in other words, data that is in transit. Apart from having various tools and surveillance boxes to protect such data from any mishap of loss, theft, pilferage, sabotage, manipulation etc, it is necessary that an organization has in place, a system of building a defense in depth mechanism around the data. Besides, the adherence to laid down system and procedures for securing the assets, data storage and data movement is very important. Some simple measures taken can pay rich dividend for data protection.
The abridged forms of such simple measures are:
• Identify/tag your asset
• Classify your asset as critical/vital/ sensitive/non-sensitive/non-critical
• Classify data in your asset or in transit as secret/confidential/private/public
• Keeping a tab on the movement of your assets and record it properly
• Have a checksum or encrypt the data that is stored locally or elsewhere and/or that which is in transit
• Port trusted anti-spam/anti-virus/antimalware software for data protection and update regularly
• Seal unwanted ports for data access in your network
• Ensure proper configuration of your firewall/UTM/IDS/IPS/Network implements/boxes and review them regularly
• Ensure change management procedures for all changes effected – standard or emergency
• Identify your vendor properly in all cases especially in cloud computing
• Ensure vendor level of security, have proper SLA/NDA with them, conduct regular third party security audit etc.
• Have a robust user acceptance policy and policies for access [both local and remote] to e mail/mobile/laptop/BYOD etc usages
• Restrict data access and isolate social network sites wherever necessary