Tips: The Low Profile, High Impact Risk To Enterprise Security
DriveSavers Data Recovery
Risk management is a must in today’s challenging environment of mounting digital attacks on vital corporate assets and the regulated data they are entrusted to protect. Most corporations have a dynamic layered security practice, which incorporates multiple security controls to protect this sensitive data. However, there appears to be an undetected or unattended internal — data recovery — that appears to be an exception in an otherwise strong layered security practice. Luckily, DriveSavers Data Recovery has provided a series of steps to help businesses close the security gap that can be caused by the data recovery process.
Step 1: Conduct Gap Analysis. The first step is to determine if this security gap exists within the organization. The responses to the following questions will assist in determining that.
Step 2: Revise internal and external policies and procedures where needed. If the gap exists in the organization, determine what internal policy, procedures, and practice need to be revised. The revised internal policies should be applied to all third-party data recovery vendors who handle the organization's sensitive and regulated data. Contract modifications may be necessary for vendors to ensure they handle the corporation’s data at the same level the corporation handles its internal data.
Step 3: Develop and operate enforcement mechanisms. Revising the policy, procedures, and practices to mitigate the gap is the first step. The following are required to ensure that the new policy, procedures, and/or practices are followed:
Step 4: Modify contracts with third-party vendors to align with internal changes. Any internal changes to the policy and procedures regarding the use of third-party data recovery vendors should be mirrored in contractual arrangements with high-risk third-party vendors that handle the organization's sensitive and regulated data. In most cases, the vendor contract will have the necessary provisions but not call out the data recovery process. It is recommended that the criteria for selecting a data recovery vendor be used to amend these contracts.
Step 5: Ongoing monitoring of the third-party data recovery vendors. Many companies have excellent vetting protocols outlined in their vendor risk management, business continuity and disaster recovery plans, but data recovery vendors may require some special consideration for ongoing monitoring. These performance-monitoring controls should include:
Given that there are no directives, standards, and best or reasonable practices, these steps can help to provide a roadmap for mitigating the potential risk of data recovery. The solution to this high impact risk requires policy and procedural changes only and is low in cost. It ensures that the confidentiality, integrity, and availability of the corporation’s sensitive information are maintained during the data recovery process.