Why Data Security and Enterprise Risk Management are Important

Tuesday, August 28, 2012

Christopher Rodgers


Data Security is the practice of keeping data protected from unauthorized access and corruption.

The focus behind data security is to provide privacy while protecting personal or corporate data.

Data is the raw form of information stored in databases, network servers and personal computers. It can cover a wide range of information, from personal files to intellectual property to market analytics and details intended to be top secret.

Many organizations get data security and privacy confused. You can’t have privacy without data security; however, you can have data security without privacy, and you don’t have to accept less of one to get more of the other. Security affects privacy only when dealing with identity, and even then there are some limitations.

Data Security is critical for most businesses and even home computer users. Client information, payment information, personal files, and bank account details are all types of information that can be hard to replace and potentially dangerous if they fall into the wrong hands.

Organizations must take a holistic approach to protecting their information across the enterprise in physical, virtual and cloud infrastructures by:

  • Understanding where sensitive data exists
  • Safeguarding sensitive data in both structured and unstructured formats
  • Protecting non-production environments
  • Securing and continuously monitoring access to the data
  • Demonstrating compliance to pass audits

All have varying impacts on an organization’s sustainability, yet management can assess and survive all these risks and more by preparing for adversity or seizing opportunities within an Enterprise Risk Management (ERM) framework.

ERM includes the methods and processes used by organizations to manage risks and achieve their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives, assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.

By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

The capability inherent in ERM helps management achieve performance and profitability targets and prevent loss of resources. It also supports effective reporting and compliance with laws and regulations, and helps avoid damage to a company’s reputation and the associated consequences.

Enterprise risk management helps a company get to where it wants to go and avoid pitfalls and surprises along the way.

Management sometimes assumes that, having identified and summarized the top risks to their organization through a Strategic Risk Assessment, they have implemented ERM. This is simply not the case. A Strategic Risk Assessment is an important component of ERM and usually a starting point, but it should not be considered a final destination.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.