Principle No. 1: Focusing on a Few High-Value Controls

By Mitch Christensen  |  Posted 2010-11-05

Despite this gloomy state of affairs, a more efficient use of compliance and audit solutions is possible. Applying a few key principles is the key to success. The first of these principles is to focus on a few "high-value" controls that have clear benefit if deployed broadly in the organization. These include:

1. Data identification: Locate and classify sensitive or valuable data.

2. Identity-based access control: Control who can access this identified valuable data.

3. Data access auditing: Maintain an audit trail of who accesses sensitive data and, whenever possible, what they do with it.

4. Change management: Control and audit all changes to platforms and applications hosting critical data.

5. IT administrator controls: Although admittedly one of the most challenging, this is also one of the most critical controls to achieve. Without reliable auditing of all activities of system administrators, including tying generic system admin account usage to the actual users, it's pretty much impossible to protect much of anything.

6. Third-party controls: Outsourcing needs to be accepted for the major trend that it has become, and sufficient attention must be given to security of third-party consultants and service providers.

These are a good starting point. If they can be broadly and efficiently applied, an improvement in overall security posture will follow.

Mitch Christensen is Chief Technology Officer and Chief Architect at PacketMotion. Mitch has more than 25 years of experience designing and developing groundbreaking technologies that include distributed systems, search engine software and large-scale data storage solutions for government and commercial customers. Before joining PacketMotion, Mitch was the chief architect and lead designer for Informatix where he deployed an innovative search engine, document management system, and next-generation paperless payment processing systems for governmental agencies. Previously, Mitch served as the principal architect at Centegy Corp., where he led the development of the flagship remote integrator business integration server. Mitch also worked as senior architect at The Dialog Corporation where he brought their proprietary search engine technology and massive online content to the Web. In addition, Mitch spent several years doing research and development in the telecommunications industry. Mitch holds a patent for core remote integrator technology. He can be reached at
