Message From The Head Of Security Consulting

Hanna Mathai

By Talal Wazani, Head of Security Consulting

Over the past six months or so, we have witnessed an increased focus on data protection initiatives in both government and private institutions in the region. These initiatives ranged from establishing governance around data classification, to privacy compliance, and all the way to implementation of technologies that would support the organization in monitoring and preventing leakage of sensitive information beyond the intended recipients as per the approved business need.

Elements of Data Protection
PEOPLE
  • Communication of policy
  • End-user education
  • Classification of data (ownership, metadata, flows)
PROCESS
  • Data Protection Framework
  • Policy
  • Process
  • Protection requirements
  • Handling requirements
TECHNOLOGY
  • Automated classification
  • Data leakage prevention

At Help AG, we have taken an information-centric approach to establishing classification governance that is focused on knowledge transfer, which in turn means long-term sustainability of the program by the internal end customer resources. This is coupled with state-of-the-art technologies that enable the organization to take an automated approach to labeling its sensitive data and preventing leakage outside the organization, as well as applying additional controls as per the defined sensitive information handling guidelines.

Create
  • Classification
  • Labeling
  • Rights Management
Store
  • Access Control
  • Encryption
  • Data Discovery
Use
  • Activity Monitoring
  • Rights Enforcement
  • Application Control
Share
  • Data Loss Prevention
  • Encryption
  • Application Controls
Archive
  • Physical Protection
  • Encryption
  • Regulatory Compliance
Destroy
  • Secure Disposal
  • Retention Management
  • Regulatory Compliance
Below are some tips that will ensure a sound information classification program:
  • Define your objectives and set your KPIs
  • Educate the general users on their responsibilities via dedicated awareness sessions
  • Formally initiate the project with organizational stakeholders and ensure top management support
  • Configure the DLP policies to fit the company business needs for information protection
  • Formalize and communicate detailed policies, procedures, and guidelines to govern the information classification process
  • Plan and perform periodic tests, e.g. simulate a scenario in which the DLP shall react as expected and analyze the results thoroughly
  • Select the right representatives from all organizational units to bring them together in the common ‘information protection journey’
  • Monitor the change management of the information classification process and reflect the necessary DLP improvements promptly
Tips for handling sensitive information
Do’s
  • Abide by your corporate information classification policies and procedures
  • Label the information you create with the proper classification level
  • Avoid over-classifying and under-classifying your information
  • Handle your information as per the defined handling guidelines for each classification level
  • Store your sensitive information in secure containers (physical cabinet, encrypted storage devices, etc.)
  • Double check the email recipient before attaching sensitive information
  • Print sensitive information on corporate approved printers if there is a legitimate need
Don’ts
  • Leave sensitive information unattended
  • Print sensitive information on a public printer
  • Store sensitive information on personal devices
  • Communicate sensitive information using unsecure mediums
  • Provide sensitive data access to unauthorized users
  • Share your credentials with anyone
  • Dispose of information insecurely