Doing More with Less - A Risk-Based, Cost-Effective Approach to Holistic Security
11 Pages. Posted: 22 Mar 2009. Last revised: 1 Apr 2009.
Date Written: March 19, 2009
Abstract
Data security plans often center around the "more is better" concept. Such plans call for locking everything down with the strongest available protection, which results in unnecessary expenses, frequent availability problems, and system performance lags. Alternatively, IT departments sometimes shape their data security efforts around the demands of compliance and best-practices guidance, and then find themselves struggling with fractured security projects and the never-ending task of staying abreast of regulatory changes.
There is a better way: a risk-based classification process that enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, and achieve the right balance between cost and security. In this article, I discuss the risk-analysis processes that can help companies achieve cost savings while measurably enhancing their overall data security profile by implementing a holistic plan that protects data from acquisition to deletion.
Keywords: Performance, Database Security, Encryption, Privacy, VISA CISP, GLBA, HIPAA, PCI
JEL Classification: O31