On April 19th, NSHE Security Insights hosted an informal round table discussion between members of the NSHE Information Security Governance bodies and Gartner Research Director Matt Stamper. Matt shared his diverse domain knowledge spanning data privacy, compliance, and security controls in this hour-long session. The lively Q&A with this recognized expert included:
- Adopting known sources for data classification, such as those already produced in federal regulations like HIPAA and GLB, rather than reinventing the wheel;
- Applying data flow diagrams to identify where protected data may exist;
- Using a Business Impact Analysis to identify critical systems and where data controls fit;
- Engaging in tabletop exercises for incident response planning, including scenarios where data has been transferred to a third party;
- Involving student interns in data flow diagrams, business impact analysis, etc. for less sensitive systems, which may help with the resource burden (and makes a great learning project for students);
- Developing threat models for most critical applications and systems.