Connecting and calculating: Data risk flow diagramming services
Data is the most important commodity that your enterprise has. You need to make sure that its confidentiality, integrity and availability cannot be breached.
If a breach does happen, you won’t just face legal headaches. Your customers will lose confidence in you too, because they see it as a betrayal.
So, what do you need to do to avoid losing your customers’ trust? Simply adding security technology to your infrastructure isn’t enough to comply with complex laws.
You need a better understanding of how data flows through your organization and what it is exposed to along the way.
How do we solve your data risk flow issues?
netlogx advocates a lean approach to information security management. A cornerstone of this approach is the development and maintenance of the Data Risk Flow Diagram (DRFD).
The DRFD is a graphical representation of how data moves. It shows who and what the data interacts with, together with the risks that it faces.
DRFDs offer a way of embedding information security practices into your core business and are an excellent way of communicating the need for change, simply and effectively.
When used in the security requirements gathering process, they are intuitive and enable cross-functional discussions. The DRFD is also a great way of driving Lean Six Sigma process improvement initiatives.
A DRFD is developed following interviews and structured workshops with asset owners, data owners, systems custodians and infrastructure custodians.
The development process then continues:
- Supporting documentation is collected and reviewed
- Threat and vulnerability pairs and risk scenarios are developed
- Performance goals against design objectives are developed
- Benchmarking and best practices are deployed
- The DRFD can then be documented and published.
What is the benefit of the DRFD?
The rapid development of intuitive maps highlighting data flow and the risks faced means that appropriate controls can be developed and deployed.
The DRFD is also an excellent vehicle for cross-functional communication in the critical arena of information security.