Security Blog

Building and Managing a Data Security Practice

Building and Managing a Data Security Practice

Micro Focus Contributor

Welcome to 2019. The time for New Year’s resolutions. When solution architects promise product marketing managers that in fact, yes, we will write that blog we promised. Yet I digress... 😊

Building and managing a data security practice2.png

We have corporate New Year’s resolutions at Micro Focus as well. One of them is to help customers and partners build out successful data security practices. And thus respond proactively to the growth of cyber security invasions from those wishing to profit by stealing our data.

That’s where this blog comes in. Over the coming quarter, we’ll discuss an informal handbook, if you will, for building and managing a data security practice. This post is the introduction to a series delving into questions we receive from customers and partners centered around the data security practice.

First, we’ll “level set” and define some terms. What is a data security practice? And how is it different from other information security practices?

Second, we’ll identify the business value of protecting data. Information security is not free, of course. So given all of the potential ways we could secure our information systems, what is the financial benefit of protecting the data itself?

Third, we’ll discuss the concept of the data protection stack. And why data security offers the strongest information security protection. Those of you involved with network security and the importance of the ISO OSI[1] networking stack will feel right at home with this one.

Next, we’ll launch into the “meat” of building a data security practice with a process-oriented approach following the CMU SEI CMM.[2] We’ll introduce the concept of a process-oriented practice model and then publish one post for each of these processes:

  • Process I: Identifying critical assets, data, and intellectual property.
  • Process II: Evaluating threats against and vulnerabilities of these critical assets.
  • Process III: Addressing governance and regulatory requirements.
  • Process IV: Developing a prioritized security strategy
  • Process V: Implementing data security throughout the enterprise
  • Process VI: Monitoring effectiveness and incremental improvements

This process is based on PCM, Inc’s (a Micro Focus partner) Seven Steps to Data Centric Security. Thanks, PCM! 😊

And for the final blog post, we are saving the absolute best for last: success stories from customers who have implemented data security. How has data security helped our customers generate more revenue? And keep their customers delighted?

The most important part of this blog? You! Please post your comments and thoughts on this blog. Let us know about your real-world experience that compliments or contradicts the discussion at hand. We take your comments seriously. After all, Rule #2 is to see Rule #1!


[1] International Standards Organization (ISO) Open Systems Interconnection (OSI).

[2] Carnegie Mellon University (CMU) Software Engineering Institute (SEI) Capability Maturity Model (CMM).

0 Kudos