Know your Data? (link below)….. Data is difficult, Categorising and securing Data is difficult, I personally rate this as a 4 or 5 out of 5 stars in my Cyber Security complexity Framework. Meaning that it is my opinion that this is not the place that most organisations looking to reduce their Cyber Risk should start.
I don’t want to know my data, at least not yet, there are many other risk mitigations to plan and implement first.
Tier1 – Always
1. Multi Factor Authentication for user access and Encryption of the source data is going to provide much more return from investment for most organisations.
2. Privileged Access Management and Role based Access controls are the next step, even before considering “Data” because again they will provide more coverage for the organisation.
All of this needs to be underpinned by knowing what is happening within your Infrastructure at all times, starting with End Point Protection and progressing into Detection, Protection and response of your Assets, because Cyber Attacks need compromised End Points.