Trial lock

This Research is for Members Only

Not a member? Unlock a free sample of our research now!

Already a member?

Sign in now

Security icon

Build Your Data Security Armor to Withstand Attacks and Audits

In the battle for data security, the best defense is a good offense – take charge and anticipate data audits and breaches before they happen.

Unlock a Free Sample


This content is retired but we have related up-to-date content below.

View Storyboard

Solution Set Storyboard Thumbnail


  • Casimer DeCusatis, Ph.D., The New York State Cloud Computing & Analytics Center at Marist College
  • Adele Da Veiga, Ph.D., College of Science, Engineering and Technology, School of Computing, University of South Africa
  • Naveed Islam, Manager of Cyber Security, KPMG Canada
  • Rob Knoblauch, VP Enterprise Security Services, Scotiabank

Your Challenge

  • Staying ahead of a data threat environment that is rapidly changing is difficult. Hackers only have to find one weakness in your organization’s defenses, whereas you have to be aware of the entire picture.
  • Being responsible for the security of your organization’s data has high stakes and a low payoff. A data breach would cause loss of money and customer trust, and ruin your brand reputation. Yet, if data security is effective, you don’t get noticed.
  • Not only do you have to worry about attacks, but preventing fines and lawsuits due to violations of regulatory and compliance requirements adds to the headache.
  • While an increase in data volume and system capability and interconnectivity is great for the business, this spells a major headache for those who have to worry about keeping those items safe from attacks and compliant with regulatory requirements. This creates a need for organizations to adopt a formal approach to securing and auditing data.

Our Advice

Critical Insight

  • Threats are quickly evolving, and your security must evolve with them. Just being compliant isnt enough. Compliance is a litmus test for the organization, but standing still means that your security will eventually fail. You must be proactive in guarding your data.
  • Data audit can enable IT to give a qualified yes for business access to data. Audit is key to keeping your data truthful, and trusting in your data is the first step in generating data insights.
  • Data security is everybody’s business. Errors may fall on your shoulders, but you can’t prevent them all by yourself. Using the proper tools and strategy, convey the importance of everybody’s role in data security and data breach prevention.

Impact and Result

  • Keep your policies and procedures up to date and well communicated to prevent these headaches and the inevitable loss of trust in you and your team. In turn, you will also safeguard against larger corporate issues, such as threat to reputation and brand image, and a loss of confidence from your internal and external stakeholders (employees, customers, partners).
  • Become audit-ready internally by practicing the real thing. Prepare in advance to make the audit process rigorous, yet smoother and less time intensive.
  • Stress the importance of data security in the organization to convey the idea that data security is everyone’s responsibility.
  • Stay ahead of data compliance and security to gain peace of mind while increasing the trust that external parties have in your organization, improving customer retention and value of the organization.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should implement airtight data security and a sound data audit process, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

2. Prepare to pass your data audit

Prepare for a real data audit by practicing an internal audit and generating a sample data audit report.

3. Weave ongoing data security into the fabric of your organization

Ensure sustainability in the program by communicating and instilling data security practices across the entire organization.

Guided Implementations

This guided implementation is a nine call advisory process.

Guided Implementation #1 - Build your data security profile

Call #1 - Review the organization’s industry backdrop and data environment. Determine and document the data security scope, rationale, and key definitions.
Call #2 - Identify key players in data security, including the policy owner. Inventory and classify the organization’s data.
Call #3 - Create the Enterprise Data Security Policy based on gathered requirements.

Guided Implementation #2 - Prepare to pass your data audit

Call #1 - Determine the benefits a data audit will provide for your organization and whether now is an appropriate time to conduct a data audit.
Call #2 - Complete user interviews and discuss results. Walk through summary of key data issues.
Call #3 - Discuss the corrective plan and the short-term and long-term plans to rectify data security issues.

Guided Implementation #3 - Weave ongoing data security into the fabric of your organization

Call #1 - Understand why it is important to create a data security awareness program.
Call #2 - Create a strategy for communicating the awareness program, including a schedule and communication methods.
Call #3 - Conduct ongoing updates and reviews of data compliance and security policies, procedures, and tactics.

Onsite Workshop

Discuss This Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Build the Enterprise Data Security Profile

The Purpose

  • The data security profile consists of the organizational drivers for the data security program, the stakeholders involved with data security in the organization, the governing laws and regulations, and the data present in the organization.

Key Benefits Achieved

  • A clear direction and comprehensive inputs for the data security program.




Understand the business drivers of the data security program.


Develop and document the purpose and scope of the data security program.


Identify and document your regulatory compliance obligations.

  • Data Compliance Checklist

Identify the key roles and responsibilities.


Inventory and classify the organization’s data.

  • Data Inventory Tool
  • Data Classification Tool

Identify other security obligations.

Module 2: Create the Enterprise Data Security Policy

The Purpose

  • After understanding the key elements of data security, you can create your comprehensive Enterprise Data Security Policy.

Key Benefits Achieved

  • The Enterprise Data Security Policy is your organization’s guiding tool for the data security program, and will be used by everyone in the organization to reference acceptable security practices.




Review the findings of the data security profile.


Use the profile to build the policy.

  • Enterprise Data Security Policy

Continue to build the Enterprise Data Security Policy.

  • Data Classification Tool

Module 3: Prepare for a Self-Audit

The Purpose

  • This module will help you to prepare for a real data audit by understanding the components of a data audit and practicing an internal audit.

Key Benefits Achieved

  • By practicing for a real audit and creating a data audit report, you can demonstrate due diligence to auditors.




Data audit overview.


Define the scope of the data audit.


Identify the audit team.


Identify users for interviews.

  • Data Audit Interview Schedule

Tailor the interview guide.

  • Data Audit Interview Guide

Complete the initial audit readiness assessment using the Data Audit Scorecard Tool.

  • Data Audit Scorecard Tool

Module 4: Create a Strategy for Addressing Gaps in Audit Readiness

The Purpose

  • Identify key data security issues and develop a plan of action to remediate those concerns.

Key Benefits Achieved

  • A practical roadmap will enable you to address key gaps in the organization’s audit readiness.




Discuss audit results and draw hypotheses.

  • Data Audit Interview Guide

Create a practical roadmap for addressing key gaps in the organization’s audit readiness.

  • Sample Data Audit Report

Discuss strategies for achieving audit success and compliance

Module 5: Create a Data Security Awareness Program

The Purpose

  • Making the data security program sustainable is important for keeping up with rapidly changing regulatory and threat landscape. Weave a sustainable and effective data security program into the fabric of the organization.

Key Benefits Achieved

  • Maintain momentum for the data security program by ensuring that the entire organization is knowledgeable and understands the key roles and aspects of the program.




Create a common understanding of the importance of a Data Security Awareness Program

  • Data Security Survey

Review the Data Security Seminar.

  • Data Security Seminar

Create a schedule and plan for communicating the Data Security Seminar in conjunction with the Data Security Survey.


Review the outcomes of the workshop.


Debrief with key executives and the business to demonstrate results.