Say Easy, Do Hard - Data Inventory and Classification, Part 1 - BSW #383

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification.

In part 1, we discuss the challenges of data inventory and classification, including:

• identifying all data sources within an organization, including databases, applications, cloud storage, physical files, etc., and documenting details like data type, location, and volume
• categorizing all data based on its sensitivity level, usually using classifications like "public," "internal," "confidential," or "restricted," which determines the necessary security measures to protect it
• prioritizing security measures and protecting critical information more effectively

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification.

In part 2, we discuss the steps involved in data inventory and classification, including:

• Data discovery: Identify all data sources across the organization using data mapping tools.
• Data profiling: Analyze data attributes to understand its content and characteristics.
• Data classification: Assign appropriate sensitivity levels to each data set based on predefined criteria.
• Data tagging: Label data assets with their classification level for easy identification.
• Data ownership assignment: Determine who is responsible for managing each data set.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-383