What we do is dependent on us being able to share data with people outside the organisation—how can we do that safely in a "community of trust"? What risks are introduced through the extended enterprise?
The greater the degree of separation, the greater the difficulty of evaluating risk. How willing is your organisation to accept risk from unmanaged PCs and non-employees?
Trust reduction factors:
- Greater distance
- Different organisations
- Cultural diversity
- Multiple jurisdictions
- Incompatible technologies
The less you know about something, the riskier you must assume that it is.
A Community of Trust offers:
- Assurance that you know with whom you are dealing
- Confidence that information has not been manipulated
- Expectation that sensitive information will not leak
Line of business decides how to use the technology that is provided by IT.
Call to action:
- Re-evaluate your current outsourcing and partnering risks.
- Move controls up the stack to application and data layers.
- Put controls on endpoints where the data is used.
- Use discretionary controls and logging and move towards mandatory controls—ultimately, automated controls.
No comments:
Post a Comment