10

Data Protection

This chapter is about data protection. Did you know that if an attacker breaks into your company’s network and steals critical data, and the stolen data is encrypted, then it is not a breach? Yes – that is correct even under GDPR; if the data is encrypted, then it’s not considered a breach. Of course, an attacker who hacked their way into your network now has knowledge of it and will come back to try to find more data to steal. This is why you want layers of security built into your security program, known as defense in depth (DiD). Encrypting data alone is not enough, but it is an important step.

Understanding where your critical data is located and encrypting data at rest and in transit is critical to protect

Get A CISO Guide to Cyber Resilience now with the O’Reilly learning platform.