{"id":298,"date":"2014-01-26T00:15:22","date_gmt":"2014-01-25T23:15:22","guid":{"rendered":"http:\/\/wp1149244.wp072.webpack.hosteurope.de\/?page_id=298"},"modified":"2022-03-26T10:29:11","modified_gmt":"2022-03-26T09:29:11","slug":"information-security-it-risk","status":"publish","type":"page","link":"https:\/\/www.klaushaller.net\/?page_id=298","title":{"rendered":"Information Security, IT Risk & Compliance"},"content":{"rendered":"
\"Image<\/a>

Image courtesy of khunaspix \/ FreeDigitalPhotos.net<\/p><\/div>\n

What is information security about? Many think about firewalls and fighting hackers and malware. Snowden is a good example for another class of information security threats. He represents the risk that an employee gets data \u2013 by mistake or on purpose \u2013 out of an organization using normal access rights, thereby harming a company\u2019s position on the market or violating compliance needs.<\/p>\n

Today, the business has more IT know-how than ever. As a consequence, much innovation and much investment in applications today circumvents the IT department. Shadow IT is the term used for this trend. My article  <\/span>How To Deal With Shadow-IT Application<\/i>s<\/a> discusses this trends and its implications from a governance perspective.<\/p>\n

The article Business Applications: On the Tension between Efficient Testing and Compliance<\/a>, based on a keynote I gave at a workshop of the s<\/i>pecial group TAV of German Informatics Society, discusses the relationship between effectiveness, especially in testing, and compliance needs.<\/p>\n

The ISO27001 norm does not only impact an IT security Organization, but the software development and testing as well. Read the article What Developers and Testers have to know about the ISO 27001 Information Security Standard<\/i><\/a> for more details.<\/p>\n

The article Data-Privacy Assessments for Application Landscapes: A Methodolog<\/a> <\/em>addresses how to test whether an application exposes sensitive data. So the focus is on identifying potential leaks which might be exploited later on.<\/p>\n

The article Testdaten als Risikofaktor <\/a><\/em>(in German) explains the for losing sensitive data (or violating regulatory needs) in development and test environments .<\/p>\n

In Data-Loss-Prevention-Tools minimieren Sicherheitsl\u00fccken in Testumgebungen <\/a><\/em>(in German), we discuss how data loss prevention tools can help managing compliance and data loss related risks of test environments.<\/p>\n

Besides the articles, the following two videos provide detailed information on when investing into data loss prevention tools makes sense plus how they identify sensitive data and information.<\/p>\n