When it comes to records retention, discovery, and “toxic data”, is your organization rolling the dice with respect to Risk Management, Legal Compliance, and Data Analytics when they collide with the deployment of new information technology tools in your enterprise? Have your Data Stewards turned into armies of Data Hoarders by storing and archiving breach notifiable, intellectual property, and other types of restricted data in places it shouldn’t reside, gone beyond boundaries of useful data retention for analytics, or marched forward without any retreat of data reduction, redaction, or restriction?
Well if you are considering these questions yourself, or simply answered “Yes”, this presentation will provide strategies to identify that “toxic data” and conquer data risk. We will provide a framework for forming alliances across the differing groups of Risk Management, Legal, Information Technology & Security, and Data Stewards in addressing records & retention policies, and how much of that sexy new data storage, backup, vaulting, and data loss prevention technology can be designed to best fit within that enterprise risk management infrastructure. We will also demonstrate how policies, processes, and procedures can join forces with technical controls and be deployed within an enterprise to capture the flag of overall organizational risk reduction.
Executives, Business Managers, or IT Managers or Systems Professionals whose organizations are either seeking guidance on or attempting to implement data risk assessment, secure data handling and/or data retention strategies.
Impact & Benefits
- Demonstrate an understanding of security frameworks and governance utilized in assessing an organization’s information security health and maturity, and determining data sensitivity levels and classifications.
- Formulate organizational data classification and data retention strategies and policies.
- Demonstrate and understanding of varied Administrative and Technical controls utilized for risk and vulnerability assessment, data classification level controls, and sensitive data identification and protection.
Keith Hartranft CISSP, PCIP
Chief Information Security Officer, Lehigh University