Sensitive Data Management Maturity – The DLP Missing Link
At the 2016 RSA Conference in San Francisco, CA, Todd Feinman, CEO, and Gabriel Gumbs, VP of Product Strategy, presented "Sensitive Data Management Maturity – The DLP Missing Link."
As a company and with the help of industry professionals, we created a Sensitive Data Maturity Model to help organizations identify where their data is, who owns it, what should be done with it, and how much of it exists.
Many organizations have massive amounts of data that reside in multiple locations, making it hard to control where that data is, what is classified as sensitive data, and what permissions to allow for specific data types. With automated persistent classification, you identify within the metadata what is confidential, sensitive, or public, and can implement the proper processes and technology to block the sensitive data from leaving your organization.
“It’s not just about technology, it’s about the whole process and technology. The people aspect of this is absolutely critical.” – Todd Feinman, CEO, Identity Finder
We looked at many different maturity models (ISO/IEC 15504, COBIT, the Cybersecurity Capability Maturity Model (C2M2), and ISO/IEC 21827:2008) and could not find a model that addressed managing sensitive data. So, we decided to make our own and share it with the security industry.
The Sensitive Data Maturity Model empowers those who adopt it to build forward-looking data security initiatives and track their efficacy. Made up of four business functions, three security practices within each business function, and four maturity levels, the Sensitive Data Maturity Model is designed to fill that gap in existing available resources. It allows you to benchmark your maturity against other organizations, and it gives management both a self-assessment tool for comparing data security process capability with business requirements and a tool for gap analysis and improvement planning.
Want to take a deeper dive into the Maturity Model? Please view the presentation from the 2016 RSA Conference, here.