Information Security Today Home

New Books

Securing Cyber-Physical Systems by Al-Sakib Khan Pathan; ISBN 9781498700986
Global Information Warfare: The New Digital Battlefield, Second Edition by Andrew Jones and Gerald L. Kovacich; ISBN 9781498703253
Touchless Fingerprint Biometrics by Ruggero Donida Labati, Vincenzo Piuri, and Fabio Scotti; ISBN 9781498707619
Securing Systems: Applied Security Architecture and Threat Models by Brook S. E. Schoenfield; ISBN 9781482233971
Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare by Thomas A. Johnson; ISBN 9781482239225
Android Malware and Analysis by Ken Dunham, Shane Hartman, Manu Quintans, Jose Andre Morales, and Tim Strazzere; ISBN 9781482252194

5 Steps to Securing Data Workflows in Your Organization

By Benny Czarny, CEO and founder at OPSWAT

Every organization has data flowing into and out of the organization. Along with any data comes the risk of malware. To protect against threats, most organizations implement anti-malware solutions at different entry points, such as email, web, and portable media. However instead of tackling each entry point as a separate anti-malware project, organizations should treat secure data workflow as a complete process that addresses data cyber security in the company as a whole. By combining the different elements into one process, organizations obtain a complete overview, decreasing the chance of overlooking things and allowing them to benefit from synergies and increase efficiency.

So, how can you implement a secure data workflow in your organization? The secure data flow planning process consists of five steps:

1. Identify the Different Data Workflows
Organizations need to determine where data is coming from and what the destinations are. For example, data that comes in through email is destined for employees or contractors. Data that comes in through the web is destined for desktops, mobile devices, USB devices, and so on. Each data flow in the company needs to be defined in this way.

2. What File Types Are Needed by Users?
Secondly, organizations need to determine which users need which types of files. For instance does the accounting department need to receive executable or media files? Probably not. Do they need to receive PDF and Word documents? Yes. However, the IT department should have access to exe files. Similarly, the marketing department might need access to media files to complete their daily tasks.

3. What Threats Are Possible?
Some file types are more dangerous than others. Executable files can contain viruses. PDF and Word documents can include

Subscribe to
Information Security Today

Bookmark and Share

© Copyright 2016 Auerbach Publications