This is an excerpt from our Mitigating Collaboration Risk Workbook. Download the entire book here!
When it comes to mitigating information risk, you need to determine which of the risks in your risk portfolio it makes sense to mitigate first and develop a list of methods for doing so. Together, whatever mitigations you adopt have to address the people, process, and technology aspects in a coherent and balanced way.
Mitigations to consider include:
Classifying private, personal, sensitive, and protected data wherever it is in use across your data estate. The ability to mitigate information risk depends on the ability to identify the specific information at risk, and both manual and automated classification approaches enable this.
If information is classified ahead of time, then downstream security technologies can make policy-based decisions, data access requests by data subjects are greatly simplified, and decisions on archiving and deletion are streamlined. File Analysis, a capability in AvePoint Compliance Protector, provides a classification of files in target systems according to the data types within each file.
Policies to Handle Information
Determine the access, sharing, and protection policies that should apply to the various information collected, stored, and used in your organization. AvePoint PI enables you to quickly set your policies according to the rules and the various categories of risk that are important to your business, so that you can enforce broadly stated but ineffectual policies.
For example, who is involved in a sharing action, compared with their usual task set and the baseline of sharing activities for people in that role, will dictate whether a particular sharing action represents minimal, moderate, or high risk. PI will trigger a different policy response depending on additional context factors such as this.
Minimize Duplicate Data
Duplicate data should be minimized, for example through deletion or encryption. For instance, extracts of sensitive data from structured authoritative systems that are now held in unstructured formats should be tightly controlled to prevent accidental access or breach. Once identified through classification mechanisms, the data can be automatically deleted, restricted through encryption, or restricted by applying a specific access policy.
Information Risk Awareness Training
Helping employees develop an understanding of the rhyme and reason behind the various controls, policies, and risk safeguards creates a human layer of risk mitigation.
Similar in intent to Security Awareness Training but aimed at information risk, such training programs explore the rationale (the why, for example regulatory requirements to protect sensitive data), technical and policy mitigations (the how, including data classification aligned with DLP policies), and the new work practices required (the what, for example using AvePoint Cloud Governance to request a new workspace so that access, classification, and retention policies can be applied to the workspace as an integral part of its creation process, along with ongoing recertification of content ownership and classification).
Learn the other steps of creating a risk mitigation plan in the full workbook!