Data Classification episode artwork

EPISODE · May 21, 2020 · 24 MIN

Data Classification

from Defense in Depth

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-classification/) The more data we horde, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk. Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nina Wyatt, CISO, Sunflower Bank. Thanks to this week's podcast sponsor, Cmd. Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems. On this episode of Defense in Depth, you'll learn: Usable, user-friendly, viable-in-every-scenario data protection that is invisible, seamless, and always on does not exist, but could exist, and should exist. Classification tools that tout automation, really aren't. There is still a good amount of manual intervention. Another way to solve the data protection issue is to get rid of data. Our data protection problem amplifies as we find ourselves protecting more data. But a lot of data simply doesn't need to be protected. It could be classified for non-protection or just destroyed. Data is mostly unstructured and it needs to be structured to the sense that you know how data is flowing, and that is extremely difficult to do. We spend more time on hardware and networking diagrams but what we should be doing is diagramming data flow. Mandate retention limits on data. People don't like it, but it's going to make you a lot safer. Just mandate the lifespan of data. If it's not needed or accessed in a certain period of time, archive it or possibly kill it. People think holding onto data is costless, but reality is the more you hold onto it becomes very costly from a security perspective. Utility to you vs. utility to the bad guys is relative. For example, a bank statement from five years ago has little utility to you now, but if a bad guy is looking for information, that has the same value as a bank statement from today. The questions you need to be asking: Is your data sensitive, does it have open permissions, how long has it been since the data was accessed? Data with PII is both an asset and a liability. Classifying data also has a major problem with consistency. Often data can be put into multiple categories or classes. Security of data is usually not the factor many consider. We are often thinking about the security around data.  

NOW PLAYING

Data Classification

0:00 24:41

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Eat to Live Jenna Fuhrman, Dr. Fuhrman Our health is our most precious gift and smart nutrition can change your life. Each month, join Dr. Fuhrman and his daughter, Jenna Fuhrman as they discuss important topics in the world of nutrition. Eat to Live will change the way you eat and think about food. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Defense in Depth?

This episode is 24 minutes long.

When was this Defense in Depth episode published?

This episode was published on May 21, 2020.

What is this episode about?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-classification/) The more data we horde, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could...

Can I download this Defense in Depth episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!