Академический Документы
Профессиональный Документы
Культура Документы
I MPACT YOU?
Trusted Impact Pty Ltd, Level 4, 210 Albert Road, South Melbourne 3205
secure@trustedimpact.com, (03) 8623-2890
Tools are only as good as the people using them, so a good deal of planning and tailoring to your environment is still needed.
The most important assets of a business are its data, and taking care of business means protecting business data. Data means
customers, communication, cash flow, and productivity figures. Without it, companies risk losing a host of factors in addition to
direct revenue: reputation, market share and brand equity.
By understanding, prioritising, and securing sensitive information, enterprises can better manage the risks associated with the
ever changing world of Information Security, now and in the future, and avoid the perils of having to explain why it didnt protect
such information.
Compliance bodies
Understanding the nature of the business is a fundamental Once the baseline has been formulated and tailored to the
key to successfully reducing cost in an organisation. Here, business, and the data has been identified and categorised,
companies must lead some healthy discussions and ask some the next step is to find out where it all lives. Is it spread
simple but critical questions across numerous systems or all sitting on the G: drive which
happens to be under the receptionists desk? What burden is
What business are we in? this placing on your backup strategy? Can these systems be
consolidated, and what about protecting the sensitive
Who are our customers? Who are our stakeholders? elements? Can some of these systems be hosted elsewhere?
Are you sure the data centre has been built to comply with
Is our business seasonal? set regulations and standards?
Are we influenced by unique events? Regulatory requirements
Are we transaction-intensive or a service based? The increasing emphasis on protecting data has many
regulatory drivers. For those companies that accept credit
All have a bearing on the IT strategy. A team with
cards for the payment of goods/services, there is the
representatives from all departments legal/compliance,
requirement to adhere to the latest Payment Card Industry
finance, IT, sales and product development should be
Data Security Standard. This standard applies to all
involved in developing the strategy, collaboratively.
merchants, and service providers that store, process or
Understanding the data transmit cardholder data.
All companies collect data in one form or another. By The Healthcare Insurance Portability and Accountability Act
analysing what data is collected and where it is stored, and (HIPAA) addresses security policies and procedures that
how it used is the fundamental starting point to ensure secure access, transmission and retention of personal
understanding this important company asset. health information. Therefore, protecting medical records is a
compliance issue for hospitals, insurance companies, medical
Which data is vital data that, if lost or stolen, would practices, laboratories, life sciences firms, and pharmacies. In
break the company? Australia, this is addressed by the Privacy Act 2001 and the
Health Records Act 2001.
Which data is critical data that, if lost or stolen,
would not cause the company to fail? The global financial world is impacted by Sarbanes-Oxley,
which dictates new policies and procedures for financial
Which data is not critical but useful? reporting and auditing. It affects public companies and their
accounting firms. It also addresses retention of financial
Additionally, is this data sensitive? A partial list could be: records. To be compliant, companies will have to adjust their
business processes to more rigorously protect their data.
Data Vital Critical Useful Other Sensitive?
eMail Yes Insurance companies, as well as regulators, are scrutinising
Financial Yes their clients data protection policies. Those firms whose data
Web server No is deemed at higher risk will pay higher premiums, since loss
of data translates into huge business losses. To mitigate their
eCommerce Yes
own risk, companies should consider suppliers data
Sales Yes
protection policies as well. If a supplier loses data, those who
Call centres No are closely linked could incur losses as well.
Support desks Yes
Internal support No
Portals Yes
Supply chain Yes
Legal Yes
Research and Yes
development
By transforming the most basic day-to-day processessuch Trusted Impact is an Australian-owned, invested and focused
as procurement, budgeting and reporting an enterprise will company - meaning we truly care about the success of
become more efficient, and reduce cost. By lessening the Australian enterprises and have a deep understanding of the
burden posed by these non-core tasks, the business can more relevant issues in the local environment. Our approach is to
efficiently capture the professional value of its staff, and uniquely combine solid business knowledge and experience
deliver better performance and better value to its customers. with a deep technical understanding and expertise in
information security and risk management to define
By having an automated workflow solution for approval pragmatic, reliable solutions to improve your business. We
processes, many manual processes have become automated, are people driven to help other people succeed in their jobs.
driving the savings of time and money. The value of this "Its not just about technology; it's about helping your people
functionality with regards to security is that these processes become more effective".
can ultimately determine a users level of access to a system,
and can be used to enforce segregation of duties as it relates Competitive differentiators for Trusted Impact include:
to managing user access.
Business Driven - A unique combination of expertise to
Companies should be able to set up specific, easily scalable deliver business outcomes from a deep understanding of
workflow processes consisting of one or more related steps to technology
implement, approve, and execute tasks. For example, these
tasks may include creation, deletion, and modification of Demonstrable results - Improvement is about your
identities (user, groups, accounts or roles); user self- people and how they do work not just about
registration, partner (company) self-registration, technology. We understand the people and process
subscribe/unsubscribe to groups or roles. issues which must be addressed to achieve successful
business outcomes
Prioritise and adopt correct technologies
Holistic expertise - A unique blend of integrated network
Whether its a new ERP system to handle the process and IT expertise to deliver more holistic improvements to
workflow, or the latest and greatest technology to protect or a companys IT and Network assets
deliver your data, adopting the correct technology tailored to
your business is the right philosophy to take. Take the time Our people - Our strength is our people and their
to understand the technology, and how it can play a valuable expertise. We have formal programmes to develop and
role in making your business successful. incent our people to deliver exceptional client service.
Our investment in our people means our clients get the
Bring it all together best resources in the market.
Take the next step toward achieving the benefits of improving www.trustedimpact.com
your security posture, while reducing the costs associated
with it, by contacting a Trusted Impact representative and The Author
scheduling a Solutions Workshop. Trusted Impact consultants
can then work with your IT team to assess the value of Bill Callahan is a Principal Consultant with Trusted Impact Pty.
Ltd. He has over 20 years of Australian and international
consolidating your environment, help you understand the
expertise helping clients improve their businesses. For further
sensitive data you hold and store, and provide a roadmap for information, call us on (03) 8623-2890.
designing and implementing a consolidated robust security
infrastructure framework.