The Role of Information Assurance in Managing Data Security.

Author: Panesar, Dan

A new year is the time for lots of pledges of how things will be done differently: new targets to meet, processes to drive forward and the chance to make positive changes.

It's not surprising that the information and cyber security industries aren't exempt from this, as it's no secret that both industries faced more than a few challenges last year. First came the build-up and introduction of the General Data Protection Regulation (GDPR) in May 2018, putting severe fines in place for any future data breaches. Then there was the challenging political and economic climate, the scare of being the next victim of a high-profile data breach and the rise of new technology such as Artificial Intelligence and machine learning to contend with. All in all, it wasn't an easy year.

However, the volume of data breaches alone is not the shocking factor, and should no longer be the focus for any CISO looking to make a difference to their organisation's cyber security strategy. The difference now is the size and scale of the data breaches and the nature of the sensitive and critical data stolen; hackers have moved on from email addresses to instead seek out passport numbers and CVV data from credit cards, and are able to spend far longer strolling around an organisation's network without being detected. Take the Marriott International data breach from November 2018 as an example: hackers had been able to access the network for four years with no unusual activity detected or any alerts raised. It has since been revealed that approximately 5.25 million unique unencrypted passport numbers were part of the vast volume of data stolen.

Supporting IT evolution

Networks can quickly become a web of users, devices and applications, all requiring different access controls and requirements to keep the data safe. In line with this, organisations have evolved beyond perimeter-only security models to increasingly lock down data, both at rest and in motion. A fundamental part of this is encryption, but to be effective, encryption must enhance, not constrain, IT evolution.

However, embedding cyber security solutions into an organisation's network creates a number of challenges in itself: higher complexity, scalability becoming a real headache and key management and...
