A Perfect Storm
How high-profile data breaches expose critical flaws in the way we manage sensitive data
Recent high-profile data breach events are sharpening the government’s resolve to look at the security measures they have in place to protect sensitive information. Agencies must be willing to evaluate their assumptions and practices honestly and comprehensively.
- Are we analyzing and classifying our data in ways that make sense for security?
- Do we have the right controls in place?
- Do disconnects between policies and practices demonstrate that users are finding shortcuts to meet business objectives of doing more with less, or otherwise unintentionally opening downstream vulnerabilities that might not be obvious to them?
Why act now?
There is a growing need for departments and agencies to strengthen their security and privacy controls as a result of the increased number of data breach occurrences across the Federal government. The magnitude and impact of these breaches have intensified, garnering media attention across the country and internationally. The recent WikiLeaks case is an obvious example which exposed critical flaws in the management of sensitive data and the need for a more holistic approach to protecting data.
Outlined in this point of view is Deloitte's model for a focused, measurable approach to mitigating threat called, Enterprise Data Protection (EDP). Benefits of EDP helps agencies address the following:
- Establish a risk-based strategy for understanding and managing its environment and potential insider threats
- Enable a more systematic approach to current and future planning for investment in tools and services
- Support a data protection strategy and deploying them to ensure the most efficient use of IT spending
Download the PDF attachment below to learn more.
As used in this document, “Deloitte” means Deloitte & Touche LLP and Deloitte Consulting LLP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.