Happy New Year!

Lots has happened in 2020 with relations to information security, but the biggest thing has been the accelerated (often unwillingly) push towards digital transformation. That being said, if you haven't already put together an information security strategy, starting a new year is as good a time as any!

So what is one to do? Where does one start?

Well, one place to start is understanding what data you are trying to protect and work your way back from there. After you've identified some of your important data, some questions to ask are:

• Who (and what systems) have access to that data?

  • Do they need the ability to read and modify, or can they do their job with read-only?

  • Is access audited and logged somewhere?

• What would be the impact if that data was deleted?

• Is it backed up?

  • Have you tested your backups?

• Is the data safe when it travels (encrypted in-transit) and is it shared with specific people or available to anyone with a link?

These are just some basic questions to consider when trying to prioritize security, essential when putting together a security strategy. This is all a part of Threat Modeling and trying to understand where a threat can take advantage of your overall system.

There is a lot more to putting together an information security strategy of course, but I just wanted to highlight some thought exercises to help you on your way.

Happy New Year!

Ayman

If you liked this email, forward it to a friend! I'd appreciate it.