
You Can’t Protect What You Don’t Know About

There are a lot of compliance standards to keep up on:

HIPAA¹ - Health Insurance Portability and Accountability Act

PCI DSS² - Payment Card Industry Data Security Standard

ISO 27000³ - International Organization for Standardization (HQ in Geneva, Switzerland). I discussed ISO before: http://oversitesentry.com/ngfw-tech-half-battle-in-orgs/

Among others (Sarbanes-Oxley).


But what if you don't even know what you have?

Have you spent the time to look at all of your digital data?

What do you use every day? Excel and Word files?

Have you had a third party look at your data and review the outcome with you?

Did you set up a risk management matrix (Likelihood × Consequences)?

Maybe you don't really know which database is the most important?

[Image: risk management matrix]

This is a framework diagram from the NIST document:

[Image: risk management framework]

It is important to assign a number from 1 to 5 to the importance of each of your digital properties.

Then assign each one an impact on your business (low, medium or high).

The resulting matrix will tell you at a glance what you need to know for business risk, what resources you should spend, and why.
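As an added illustration (not from the original post), here is a small Python inventory that scores each digital property on the 1 to 5 likelihood and impact scales described above, ranks the assets by Likelihood × Consequences, and renders the 5x5 matrix. The asset names, scores and the low/medium/high thresholds are constructed assumptions for the example.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    """One digital property from the inventory, scored on the post's 1..5 scales."""
    name: str
    likelihood: int  # 1 (rare) .. 5 (almost certain) that it is lost or compromised
    impact: int      # 1 (low) .. 5 (high) consequence to the business

def risk_score(asset: Asset) -> int:
    """Likelihood x Consequences: the cell value in a 5x5 risk matrix."""
    for value in (asset.likelihood, asset.impact):
        if not 1 <= value <= 5:
            raise ValueError(f"{asset.name}: scores must be 1..5, got {value}")
    return asset.likelihood * asset.impact

def risk_band(score: int) -> str:
    """Map a score (1..25) onto low/medium/high. Thresholds are an assumption."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"

def rank_assets(assets: list) -> list:
    """Highest risk first; ties broken by impact so the worst consequence wins."""
    return sorted(assets, key=lambda a: (risk_score(a), a.impact), reverse=True)

def matrix_rows(assets: list) -> list:
    """Render the 5x5 matrix: rows are likelihood 5..1, columns are impact 1..5."""
    rows = ["likelihood \\ impact | 1 | 2 | 3 | 4 | 5"]
    for likelihood in range(5, 0, -1):
        cells = []
        for impact in range(1, 6):
            names = [a.name for a in assets if (a.likelihood, a.impact) == (likelihood, impact)]
            cells.append(",".join(names) or "-")
        rows.append(f"{likelihood:>19} | " + " | ".join(cells))
    return rows

# Constructed sample inventory (assumed, not from the post), covering the kinds of data it mentions.
INVENTORY = [
    Asset("customer-db", likelihood=3, impact=5),     # cardholder data in PCI DSS scope
    Asset("shared-xlsx", likelihood=4, impact=3),     # everyday Excel files on a file share
    Asset("marketing-docx", likelihood=4, impact=1),  # Word files that are public anyway
    Asset("payroll", likelihood=2, impact=4),         # HR and health-plan data (HIPAA)
]

if __name__ == "__main__":
    for asset in rank_assets(INVENTORY):
        score = risk_score(asset)
        print(f"{asset.name:<15} score={score:>2} band={risk_band(score)}")
    print("\n".join(matrix_rows(INVENTORY)))
```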

Contact me Tony Zafiropoulos 314-504-3974 and I will be happy to discuss this with you as I have done this with clients.

It is good to know what you have and how to protect it.


  1. http://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
  2. https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf
  3. https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:en