insights (Sponsored by StoneX) August 2021 - 5

risk. This is highly dependent on regional
regulators with specific data protections
for right to be forgotten (removal of data),
management and protection of data, and
access and transit of the data.
After an internal audit, the security team
can begin exercises to create a risk registry
beginning with the highest risks. A build-out
program is designed to mitigate the risks to
the data that was determined to be both sensitive
and incredibly important. This architecture is
a good starting point for looking at basic tools
to meet requirements.
This includes knowing which regulations
are in place to protect the data. This
information is highly dependent on
regional regulators, including the removal,
management, protection, access and
transportation of the data. Once the data
is identified, a plan is needed to transport
the data at certain levels of encryption. This
holistic view is based on what the risk is,
how the risk is ranked and mitigated, and its
overall position.
With this information in place, the security
team can create a template that will provide
the overall controls needed to implement and
enable the security profile. This will allow
an opportunity to place mitigations for risks
that were previously identified in the initial
steps and the ability to adapt the template,
as needed, to meet the current and future
security needs. Don't forget to also explore and
learn from other organizations such as the
financial industry that already have successful
data security best practices in place.
5. A Team and Layered Approach
The work of mitigating the next possible
attack requires a joint effort among
management, the business, IT and security
departments, all together. Management has to
create a culture of security, which encourages
training videos, etc. IT provides access to data
and the ability to do work in a secure manner,
and security is in place to protect IT.
From an employee's perspective, this might
take the form of educational training videos
clarifying how to recognize phishing emails,
calls and texts. Or it might take the form of
