
Ultimately, organisations are challenged with one primary goal: to protect and secure the information that they hold and maintain within their networks. Understanding the risk exposure and threat environment of the data being protected helps an organisation to understand its risk management strategy as well as its threat profile.

To better understand the data protection strategy for the organisation, we recommend discussing the following points:

What data do I keep, and is it important to me?
The immediate question to ask is what data your organisation maintains. Is it confidential, sensitive in nature, or personally identifiable? Then consider what would happen if the data became corrupt or could no longer be trusted. Could your organisation continue to operate without the data? Answering these initial questions will help to establish the type of data you hold and the risk exposure that you have.

What systems have access to the data? Is it read-only? Does it require write access?
Another critical area is determining which systems access the data. Are there multiple copies of the data within the organisation? Do systems or users have access to information that they shouldn't?

Whom do I share the data with? How is it accessed?
The purpose of business IT systems is to allow access to data and to share it amongst people and other third-party systems. Understanding how access is given to systems (i.e. Web Services), as well as the access controls associated with data access, will help to understand the external risk exposure of the organisation. This is particularly important as organisations continue to rapidly deploy IT systems online and in the cloud, thus unknowingly exposing the data to third parties or external threats.

Data protection is also important in ensuring compliance with relevant standards. Australian Privacy Laws, Federal Health Acts, as well as standards such as PCI and APRA, all require organisations to ensure that reasonable steps and industry best practices are undertaken to protect their systems and the data they communicate.

Appsecure works with our clients to help understand their data protection requirements, as well as to ensure that a security program is managed to identify and mitigate security threats that may expose the organisation to attack.

 


Copyright © 2018 - 2020 Appsecure Pty Ltd  |  ACN 132 491 644  |  info@appsecure.com  |  02 9160 7045   |  BRISBANE - SYDNEY - MELBOURNE - CANBERRA