Home / Resources / News and Trends / Newsletters / AtIsaca / 2021 / Volume 21 / Encryption and Extended Monitoring to Protect Secret Information

Encryption and Extended Monitoring to Protect Secret Information

Advanced Security
Author: ISACA Now
Date Published: 14 July 2021

All companies —no matter how small— need some form of a security program to protect their secret information. However, the security that is currently in place to protect those secrets are oftentimes insufficient. In the recent “Advanced Security for Secret Information” episode of the ISACA® Podcast, ISACA® Journal columnist Steven Ross discusses the use of encryption and extended monitoring to keep the “bad guys” at bay from stealing your important information.

“There is information that has extreme importance, for which the disclosure of that information would have serious ramifications,” Ross says. “Almost every organization of any serious magnitude has information that is considered to be secret. Not necessarily for all time, but secret for a period of time in which it has to have higher than normal levels of information security.”

Determining what information is considered secret can be challenging, but a good place to start is working with the legal department, which typically has a good idea of what information falls within secrecy. However, the privacy team can also play a key role. “I think that there’s a great deal of it that is going to require a certain amount of thinking outside the box, and that is where the privacy professionals have a leading edge because they’re already dealing with information that requires protection over and above the usual access controls and encryption,” Ross says. “It’s a matter of saying, ‘What do we have that we should not release?’, and that will of course depend on the industry.”

Although the condition of secrecy has not changed over time, what has changed is the level of threat. “There are now people with much more powerful tools and a lot more money who are willing to spend that money and use those tools to get the information,” Ross says.

To learn more about protecting secret information through advanced security, listen to “Advanced Security for Secret Information” on the ISACA website or stream it on Apple PodcastsPodbeanSpotify or Stitcher, and read “Advanced Security for Secret Information” in the ISACA® Journal, vol. 3, 2021.