Determining how to properly classify your data and implementing the appropriate controls for your organization’s critical information assets can be a formidable task. The various methods of how business units create and use their data often make it difficult to properly identify what information is critical and when and how it needs to be protected.
Data Security Consulting uses an effective and concise methodology to help educate your employees, enable your business units to properly document critical information assets with the correct classification and protection. This process is well documented and presented to the security leadership team with a management summary including a description of the information and its use, the relative risk level for each threat, existing controls and the security controls requested by the business owner.
Sample Key Deliverables
- Critical information assets report including process flows and use by business unit
- “How To” guide to data classification for business units and employees daily use
- Integration plan with existing Data Loss Prevention program
- Training that enables your staff to conduct re-assessments using the same methodology
- Improve current information security controls and strategies
- Identify proper data handling based on approved classification therefore closing gaps in information protection
- Obtain buy-in for information security strategy from key stakeholders
- Provide staff with a repeatable method for current and future data classification needs