Safeguarding data - it's all in the process

David Lacy mentions in his latest blog that our ability to safeguard data depends upon “sensible application of well-established security technologies.” I am in complete agreement, and this remark also relates to our efforts to maintain regulatory compliance, as I discussed in my blog yesterday.

At the present time I’m working on a method of categorising web products according to their risk profile: the profile is based upon strategic importance, revenue and, of course, the regulatory aspects. By doing this work, we can ensure that a security policy is applied that relates to the risk posed by the product. Of course, just having a policy doesn’t provide assurance. That assurance comes through having good development processes throughout the life-cycle, and having thorough risk assessment, review, and risk mitigation processes. It’s all part of having a sound Risk Management Plan (RMP). The RMP is the foundation of my work and over the next year I’ll be providing some insight into how successful or otherwise this is.
