Top four data security challenges

By Muthoga Kioni

Ensuring information is secure in a company is challenging at the best of times. The risks are numerous and fluid. The impact of an information security breach on a company is correspondingly high.

The first common challenge is not knowing who in the company uses what sensitive data. Not many organisations perform audits or inventories of sensitive data. An inventory should be initiated to develop a data flow map that charts sensitive data and the employees who use it. This data map will help in identifying the vulnerable points in your information infrastructure.

Another regular challenge is not protecting sensitive data in proportion to its value. Data generated and stored by any organisation (or individual) has an intrinsic value. It is important for management to have a sense of the worth of sensitive data to the company. For example, the recipes of a confectionery company can be considered very sensitive. It is, therefore, prudent to conduct a data asset valuation that identifies sensitive corporate data and determines its worth. It is then possible to apply justifiable information protection resources to that data.

Awareness programs

The third challenge is the propensity of companies to embark on redundant information security compliance projects. Data security regulations are developed and implemented by various regulatory bodies, for example the Communications Commission of Kenya (CCK). To reduce redundant compliance efforts it is crucial to develop a regulatory compliance grid. This grid indicates which specific data elements and databases are covered by which information security regulations. The grid helps focus resources on protecting the genuinely important data, for example credit card data.

The final difficulty is the implementation of simplistic annual security awareness programs. Most companies conduct these programs to show their employees and contractors that they are serious about information security. Questionnaires are distributed, sensitisation talks are conducted and expansive warnings are dispensed. This is not enough. An information protection testing program should replace these awareness programs. The main objective of a protection testing program is to test the data handling procedures and policies in the organisation. Samples of employees and contractors who handle sensitive information should be included in the testing.

Identifying these common challenges is necessary.

The writer is an ICT Security and Forensic Specialist.