The Data Lifecycle goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. The multiple part blog, (I am not sure how many parts it will take), will walk through the steps of the data lifecycle and what a company can do to implement a good process for all the data management challenges.

Data lifecycle management (DLM) is a policy and procedure based approach to manage information movement. Data has to be classified and evaluated to properly protect it with the right resources. Ownership is a key factor in managing and maintaining data throughout the lifecycle

The 5 Steps

1. Creation – How does data creation get managed?
2. Usage – What limitations are on data usage?
3. Storage – What controls are in place for storage?
4. Transportation – How is data transmitted between company, customers and business partners?
5. Destruction – What is the validation and verification process over data destruction?

The Data Management Problem

• Weak processes in place to track creation usage, transportation, storage and destruction
• Weak ability to monitor and manage a customer record throughout the lifecycle
• Inconsistent processes across each phase of data movement
• Lack of enforcement capabilities

What should be the goal of data lifecycle management?

• Provide practical steps to manage each step of the customer record management process
• Provide cost effective solution for risk mitigation
• Provide framework for data management
• Reduce risk of data loss

Challenges to Customer Data Records Management

• Rarely does a company have a centralized process to track controls over data, over management processes around data, over logging and monitoring, and removal
• Organizations rely on technology to secure data not processes that drive technology purchases
• The 5 steps of data management are not followed by all functional groups in a company
• No clear ownership and classification of customer data elements

Did you know…

• 1 in 400 emails contains confidential information
• 1 in 50 network files contains confidential data
• 4 out of 5 companies have lost confidential data when a laptop was lost
• 1 in 2 USB drives contains confidential information
• Companies that incur a data breach experience a significant increase in customer turnover—as much as 11%
• Over 35 states have enacted security breach notification laws
• Can openers were invented 48 years after cans

Related articles by Zemanta

• Infosec 2010: A quarter of all firms have seen data integrity attacks (computing.co.uk)

Its a difficult thing to try and forecast. The good thing about it is that no one really remembers your forecaste anyway.

Regards
Gary Bahadur

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity
Managed Security Services
Managed Firewall
Managed Vulnerability Scanning

++++++++++++++++++++++++++++++++++++++++++++++++
Cyber Security Mega Trends Study
Prepared by Dr. Larry Ponemon, November 18, 2009

Related articles by Zemanta

• Think Tank Study Shows Top Web Trends Are Security Risks (readwriteweb.com)
• The cloud is a powder keg (myventurepad.com)