Abstract
Managing Risk - A Realistic, Cost-Effective Approach for Securing Data throughout Its Lifecycle


Ulf T. Mattsson


Protegrity Corp.

May 6, 2009


Abstract:
Data breaches at companies such as payment card processors Heartland Payment Systems and RBS WorldPay, as well as retailer Hannaford Bros., all of whom had been certified compliant with the Payment Card Industry Data Security Standard (PCI DSS), have proven the sad truth: compliance is no guarantee that an enterprise won't suffer a data breach.

The problem is that PCI, like other industry and government security standards, addresses only segments of an enterprise ecosystem. Plus, PCI is really meant to be a starting point -- basic best practices -- not a destination. Consequently, PCI has some notable gaps, the most critical being that it currently focuses strongly on encryption for data at rest. While most data is at rest much of the time, securing only stored data leaves data unprotected at the point of acquisition or in transit, and attacks on these points are occurring with increasing frequency.

As Rep. Yvette Clarke (D-N.Y.) said at a recent hearing on data security held in the U.S. House of Representatives, it's time to "dispel the myth once and for all that PCI compliance is enough to keep a company secure." All enterprises need to move beyond basic regulatory compliance and develop their own customized plans to manage and protect data throughout its entire lifecycle. A risk-based classification process enables businesses to determine their most significant security exposures, target their budgets towards addressing the most critical issues, and achieve the right balance between cost and security.

In this interview, Protegrity's CTO Ulf Mattsson discusses the risk-analysis processes that can help companies achieve cost savings while measurably enhancing their overall data security profile with a holistic plan that protects data from acquisition to deletion.

Number of Pages in PDF File: 7

Keywords: Performance, Database Security, Encryption, Privacy, VISA CISP, GLBA, HIPAA, PCI

JEL Classification: O31

working papers series



Date posted: May 6, 2009; Last revised: May 12, 2009

Suggested Citation

Mattsson, Ulf T., Managing Risk - A Realistic, Cost-Effective Approach for Securing Data throughout Its Lifecycle (May 6, 2009). Available at SSRN: http://ssrn.com/abstract=1400129 or http://dx.doi.org/10.2139/ssrn.1400129

Contact Information

Ulf T. Mattsson (Contact Author)
Protegrity Corp.
One Canterbury Green
Stamford, CT 06901
United States
HOME PAGE: http://www.ulfmattsson.com


