SecureState Blog

Read SecureState's award winning blog.

Data Security is the practice of keeping data protected from unauthorized access and corruption. The focus behind data security is to provide privacy while protecting personal or corporate data. Data is the raw form of information stored in databases, network servers and personal computers. This may be a wide range of information from personal files to intellectual property to market analytics and details intended to be top secret.

Many organizations get data security and privacy confused. You can’t have privacy without data security; however, you can have data security without privacy, and you don’t have to accept less of one to get more of the other. Security affects privacy only when dealing with identity, and even then there are some limitations.

Data Security is critical for most businesses and even home computer users. Client information, payment information, personal files, and bank account details are all types of information that can be hard to replace and potentially dangerous if it falls into the wrong hands. Organizations must take a holistic approach to protecting their information across the enterprise in physical, virtual and cloud infrastructures by:

  • Understanding where sensitive data exists
  • Safeguarding sensitive data in both structured and unstructured formats
  • Protecting non-production environments
  • Securing and continuously monitoring access to the data
  • Demonstrating compliance to pass audits

All have varying impacts on an organization’s sustainability, yet management can assess and survive all these risks and more by preparing for adversity or seizing opportunities within an Enterprise Risk Management (ERM) framework.

ERM includes the methods and processes used by organizations to manage risks and achieve their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organizatio’s objectives, assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall

The capability inherent in ERM helps management to achieve the performance and profitability targets as well as prevent loss of resources. This helps provide effective reporting, compliance with laws and regulations, and helps to avoid damage to a company’s reputation and associated consequences. Enterprise risk management helps a company get to where it wants to go and avoid pitfalls and surprises along the way.

Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, they have implemented ERM. This is simply not the case; however, a Strategic Risk Assessment is an important component of ERM and usually a starting point, but should not be considered a final destination.