| Share

New ISACA Resource Offers Key Tactics Organisations Can Use to Ensure Data Security and Compliance

SYDNEY, AUSTRALIA (29 April 2020) – Expanding regulatory demands for information protection and user security call for having processes and technology solutions to achieve data security and compliance without compromising user productivity. These are highlighted in a new paper from ISACA sponsored by Microsoft, “Achieving Data Security and Compliance: How to Safeguard Identity, Protect Information, Reduce Risk and Create Value.”

The paper identifies steps enterprises can take to achieve compliance and data security without experiencing a separation between information security controls and data security requirements, including:
  1. Make the connection between the user’s data and the user’s identity. This will safeguard data and secure the enterprise from attacks that depend on social engineering.
  2. Embrace an identity-centric approach. In the past, security architectures placed data or digital assets at the core of their diagrams, with identity on the outer tiers. An identity-centric approach acknowledges the fundamental importance of the human element for the entire enterprise.
  3. Implement deep data classification. The user can be an effective force in security; by allowing his or her participation, the user can have an incredible impact on the enterprise’s security and compliance.

“People play a critical role in the success of an enterprise’s security and compliance program,” said Richard Bird, Chief Customer Information Officer for Ping Identity, and lead developer for the white paper. “An identity-centric approach enforces the notion that protecting people’s identities is as vitally important as protecting their data. Resources like this can help guide organisations in effectively weaving in the human element throughout their data security and compliance initiatives.”

The paper also includes a list of key elements that a data security and compliance program must embrace, including:
  • Discovering the purpose, use and location of data inside and outside of the enterprise.
  • Identifying the sensitivity and criticality of the data.
  • Deploying technology solutions which enable continuous monitoring of the data management processes and user identity to ensure that data security and compliance is being achieved.
“In the challenging environment we face today, there’s never been a more important time to ensure your data is protected,” said Alym Rayani, Senior Director, Microsoft 365 Compliance. “Implementing data protection and identity-focused strategies are key to keeping people secure and productive, especially in remote work environments.”
To access the complimentary white paper, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whpdsc. Gain access to additional educational resources from ISACA at www.isaca.org/resources.

About Microsoft
Microsoft® (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organisation on the planet to achieve more.


For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews

Julie Fenwick, jfenwick@daylightagency.com.au
Karen Keech, kkeech@daylightagency.com.au