Thought of the day - Your critical data

Security vendors, for the most part, are snake oil salesmen of the 21st century (ok maybe that is a tad harsh but it is an inroad to my point). What they do not get down to which ultimately is the crux of all this hullabaloo....is data awareness, data classification, data control, data reduction, and data monitoring......everything else is a band-aid for after the fact....


If you can answer these following questions, you are what we use to call in the military, ahead of the game (AoG)....

1. What is your critical data?

2. Where is your critical data? 

3. Who can access your critical data?

 
4. Who monitors your critical data? 

5. Who can alter your critical data?

6. Do you periodically review and conduct data reduction procedures on your critical data?

7. How do you archive your critical data? 

8. What are your procedures for loss or compromise of critical data?

9. Do you apply levels of classifications to your critical data? 

10.  How does your supply chain impact your critical data?