Newsletter #8: It’s 2021! Time For An InfoSec Strategy?
Happy New Year!
A lot happened in information security in 2020, but the biggest development has to be the accelerated (and often unwilling) push towards digital transformation. If you haven’t already put together an information security strategy, now is as good a time as any to start one!
So what is one to do? Where does one start?
Well, one place to start is understanding what data you are trying to protect. Then, you can work your way back from there. After you’ve identified some of your important data, some questions to ask are:
- Who (and which systems) has access to that data?
- Do they need the ability to read and modify, or can they do their job with read-only?
- Is access audited and logged somewhere?
- What would be the impact if that data were deleted?
- Is it backed up?
- Have you tested your backups?
- Is the data safe when it travels (encrypted in-transit)?
- Is the data shared with specific people or available to anyone with a link?
These are just some basic questions to consider when prioritizing security, but they are essential when putting together a security strategy. This is all a part of Threat Modeling and trying to understand where a threat can take advantage of your overall system.
There is a lot more to putting together an information security strategy, of course, but I just wanted to highlight some thought exercises to help you on your way.
Happy New Year!
This article was previously posted in the Newsletter.