Opinion
Oct 23, 2009 | 3 mins
DLP Software, Risk Management, Security
* Knowledge of risk factors goes a long way in protecting data
Chris Sullivan, Courion’s vice president of customer solutions, recently posted a blog entry about risk management. In it he quotes Warren Buffett, the world’s richest man and undisputed king of practical risk management, who once said, “Risk comes from not knowing what you’re doing.”
While that’s a bit trite for my taste, it is, nevertheless, worth remembering. Just as long as you know that the converse isn’t true: knowing what you’re doing does not remove the risk. Knowing what you’re doing can help mitigate, or alleviate, the risk, but it rarely removes all of the risk. Still, it’s important enough that we could say the first rule of risk management is: Know what you are doing.
If you know, for example, that you are loading people’s names, ID numbers (Social Security, national health, credit card and so on) and other information as clear text to a laptop computer (or, probably worse, to a memory stick) then logically you should realize that the risk of releasing that data into the wild is very great. That would be rule No. 2: Know the risk involved with what you are doing.
Once you are aware of the risk involved you would — hopefully — take steps to reduce the risk such as encrypting the data or, even better, not taking it outside of the firewall. There’s rule No. 3: Take steps to remove as much risk as possible.
As Sullivan says about the Buffett quote: “How simple is that? You can have all of the risk management frameworks that the big four can sell you but if you don’t know who has access to what, you can’t assure access, can’t manage risk and you can’t assert compliance to virtually any regulations. Hell, you don’t even know what access to remove when someone leaves your company.”
It’s not rocket science, and it can be very simple as long as you remember the three rules:
1. Know what you are doing.
2. Know the risk involved.
3. Remove as much risk as possible.
Obviously, there’s a lot more to risk management than that but by simply following those three simple rules many, if not most, data breaches and leaks of the past few years could have been avoided.
UPDATE: Last week I mentioned the new functionality of Oracle’s ESSO client. Now a little bird tells me that this is little more than a re-branding of Passlogix’ v-GO On Demand Edition. So you have a choice.