Security Think Tank: Identify and protect the crown jewels

The rapid rise in cyber espionage highlights the need to rethink data security strategies to improve protection of intellectual property. But what is the best way of doing that?

After you identify the crown jewels, in this case the intellectual property (IP), identify the people, the processes, the procedures, the functions and, yes, the people (re-emphasising the people requirement) that deal either directly or indirectly with the IP (and that includes third-party providers).

Once you have all the necessary inventory at hand, engage the legal and human resources departments to identify the best approach. Some topics for discussion include: 

  • Third-party contract review;
  • Third-party assessments for security due diligence;
  • Vetting the critical resources (read: humans) – most companies still do not carry out background checks on their senior executives.

An additional approach could be: 

  • Align the security strategy with the business strategy and ensure that any projects, big or small, first and foremost, align with the key strategic objectives;
  • The information security officer must be a key member of the organisation's project management office or equivalent, and consequently there must be appropriate infosec gates or checkpoints throughout, starting at the conceptual stage;
  • In addition, IT operations and infosec need to work together to ensure that new software and tools, which are normally considered for purely cost-saving reasons, are vetted by the information security office so that the output and benefits of such work are in line with the overall strategic objectives.

Amar Singh is chair of Isaca Security Advisory Group.
