Identify all data categories and sensitive data that you keep
Every organization keeps, processes, and sends sensitive data to conduct business, whether it’s consumer payment information, patient health records, personal financial information, or intellectual property. It is our responsibility as a business to preserve it. To do so, we first identify the kinds of sensitive data they hold.
Define the location of such information
After determining what sensitive data they have, we establish where it is kept. Is that information stored in spreadsheets or text documents on file shares, in addition to obvious places like databases? They can’t safeguard sensitive data if they don’t know where it is. It may be hard to safeguard every device (computer, mobile device, etc.) in their businesses. However, we identify sensitive data in their environment and establish controls around the operations that store, process, or transfer it.
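As an added illustration (not part of the original article), the following Python example walks a directory tree such as a mounted file share and reports plain-text files that contain likely payment card numbers, using a Luhn checksum to cut false positives. The extension list, function names and sample value are assumptions made for this example; spreadsheets are covered only when exported as CSV.

```python
import os
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".md"}  # assumed plain-text file types
SAMPLE = "order 7 paid with 4111 1111 1111 1111\n"  # constructed test value


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid candidates, masked to first 6 and last 4 digits."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk root and map each text file's relative path to its masked hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_card_numbers(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


if __name__ == "__main__":
    print(find_card_numbers(SAMPLE))
```

The report holds only masked values, so the scan output does not become a second copy of the data it is locating.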
Make a list of all the hardware and software components in your network
As basic as this may appear, it is an area where firms are most harmed, as in the infamous Equifax incident. With an inventory in place, when serious vulnerabilities are disclosed we know which devices in their environment must be updated or patched. Keeping track of their hardware and software components is essential for developing a good cybersecurity program.