Use the ‘CIA’ approach to prevent data loss

Add to: Digg Add to: Del.icio.us Add to: Facebook Add to: Furl Add to: Google Add to: Live Spaces Add to: MySpace Add to: StumbleUpon Add to: Twitter
Thursday February 20, 2014 at 10:00am
Barclays Bank Plc was the latest organisation to see their data security called into question. A few weeks ago revelations were splashed all over the papers, with the details of apparently 2,000 customers handed to the Mail on Sunday. The Mail claimed another 27,000 records were available. Some reports suggest Barclays allege that the data was stolen, others intimate that a lack of security arrangements created the problem.

If big banks can lose large volumes of data, through either negligence, theft or poor internal practices – then smaller organisations are just as vulnerable, if not more so.

The key is Confidentiality, Integrity and Availability
It is no good having hardened data security to protect systems, if unauthorised access can occur and go unreported. The triad of information security ‘CIA’ Confidentiality, Integrity and Availability has to be in place to secure data.

Often we find at Parker Management Consultants that many organisations have written policies, but these often go unpoliced, they have no audit or review and are not communicated.

Equally important in maintaining the triad of ‘CIA’ is the appropriate culture of security within the organisation. All too often senior management encourages staff to be open and co-operative. This can sometimes go against a more questioning remit to underpin the necessity to challenge fellow employees, contractors and visitors.

In Barclays' situation the regulatory authorities will commence a full investigation and report in due course. Whether this was a physical, or systems security breach or a failing in people issues time will tell. However, all business owners can promote effective security by adopting and maintaining a good security culture and ensuring that the ‘CIA’ triad is deployed at all times.

A security awareness assessment can identify how well your organisation’s security awareness is against best practice Standards.

Marcus Allen
Parker Management Consultants

Comments on this post:

There aren't any comments for this post yet. Why not be the first to comment?

Share your experiences:

Your Name  
(to appear with your comment)
Email Address  
(will not be published)
Comments:  
Human Validation Check  
In the box below, please type the characters that you see in the picture. This helps us to ensure a real person (and not a crafty computer!) is submitting this form.

Enter the code shown to the left:

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT Contact us here