It is a model-based approach to information assurance that describes the requirements for security in an organisation, taking account of the business that needs to be supported. The model is based around the concept of a security Domain, which represents a logical place where people work with information using a computer system, and which has connections with other security domains where this is necessary to support business activity. Hence the focus is on the information that needs protection, the people that work with it and the people they exchange information with. The model can also describe the physical environments where people work and the system boundaries where major system security measures are placed. A systematic method is then applied to the model to identify and describe the risks to which valuable information assets are exposed and specify security measures that are effective in managing the risks.
Data Loss Prevention
Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
Business Continuity Management
Business Continuity is often described as ‘just common sense’. It is about taking responsibility for your business and enabling it to stay on course whatever storms it is forced to weather. It is about “keeping calm and carrying on” BC is about building and improving resilience in your business; it’s about identifying your key products and services and the most urgent activities that underpin them and then, once that ‘analysis’ is complete, it is about devising plans and strategies that will enable you to continue your business operations and enable you to recover quickly and effectively from any type disruption whatever its size or cause. It gives you a solid framework to lean on in times of crisis and provides stability and security. In fact, embedding BC into your business is proven to bring business benefits. Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. (Source: ISO 22301:2012)
Disaster Recovery Planning
A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.
DRM / IRM
IRM has the potential to enable a new level of information security for the enterprise. However, mainstream IRM engines are not sufficiently featured to smoothly integrate into existing business processes. Secure Islands IQProtector leverages IRM protection, and takes it to the next level by adding a simple, yet powerful management layer based on sophisticated, real-time classification of data from any enterprise source. Fully automating IRM by classification on endpoints (including PCs, mobile and tablets), repositories and ECM systems, IQProtector instantly broadens IRM coverage to include any file format, mail, web page, or application field based on a central policy. With ongoing data-centric risk assessment and reporting, auditing and forensics based on big-data analytics, IQProtector allows organizations to stay in control of their sensitive data at all times.
Information Classification Method
Data classification helps firms discover what data they hold, where it is, who can access it and how long it must be retained. Available products can discover and migrate data. The data holdings of organisations regularly extend to many terabytes of individual files that have accumulated over years of often unplanned or semi-planned activity. Companies frequently don't have data classification methods and/or policies in place that allow them to know what data they hold and where it's located.