Career Insights with Upasana Gupta

2011 Data Protection Agenda

Lessons Leaders Have Learned from WikiLeaks
2011 Data Protection Agenda

Incidents such as the WikiLeaks disclosures and resulting fallout are pushing leaders to redefine their data protection agenda for 2011 and think about their organizations' vulnerabilities.

Specifically, security leaders say they now need to assess the content of their written communications - and probably the way they think and operate - out of fear of public disclosure of confidential information.

"Reputation damage" is the operative term, and among the action items on leaders' agendas:

Re-Evaluate Access. "IT leaders should reassess how their organizations are addressing need-to-know requirements relative to access to sensitive data," says Patrick Howard, chief information security officer at the Nuclear Regulatory Commission. Security leaders need to be able to prove to other organizations that they are appropriately protecting information shared with them, and provide assurance that access to sensitive information is based on need-to-know, and also that the need is continually assessed using sound management procedures.

An action item in this area is to initiate effective personal evaluation processes to ensure that the behavior of trusted users is monitored regularly to reassure they deserve the trust granted to them, says Howard. Leaders will now spend more time gauging and understanding their employees' intent and motives.

Risk Assessment. This is a good time for IT security leaders to review their current practices, risk posture and to validate that solid controls are in place. Security leadership should focus on their own information, what the associated risks are of how it is used, how it is accessed and by whom, says Robert Stroud, vice president at CA Technologies. "It is important for those in security to understand the information that their enterprise has and what its risk level and classification are."

Incident Response. Also on the radar for 2011 is focus on effective business continuity and incident response planning to combat such events as the WikiLeaks disclosures. "Senior security leaders should already be prepared to handle security breaches," says Stroud. "Diligence is critical, and security leaders cannot become complacent once they have established their security program."

The 2011 data protection agenda for security leaders, therefore, goes beyond establishing appropriate controls; managing the flow of corporate-wide information; granting rightful employee access; and monitoring trusted users. It involves taking up complete ownership of building and protecting a reputation.

The issue is much more than preventing a breach or data loss; it is how leadership roles need to change going forward in terms of protecting reputational risk. The agenda ultimately comes down to how leaders grasp the significance of the threat and steps they take to anticipate and respond to such events.

Given this new climate, what is on your 2011 leadership agenda for data protection?



About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.