CMMI Institute

Newsroom

The latest information for media, analysts, and others interested in the CMMI® Institute and process improvement.

  • Blog
  • Data Security and Integrity in a COVID-19 World

Data Security and Integrity in a COVID-19 World

By Ron Lear, Director of IP Development and Architect of CMMI Products and Services at ISACA
 
Although the World Health Organization (WHO) declared the new coronavirus a global health emergency as recently as 31 January 2020, there already is an incredibly robust amount of data being gathered, analyzed and leveraged by many organizations. This is both good news and bad news.

In times like this of crisis and turmoil, organizations are learning the hard way that their data are not as secure as they need to be. With a large percentage of the staff in many organizations working from remote locations, threats and vulnerabilities are more likely to occur, not less. Hackers, competitive spies, and a workforce that is performing tasks and holding meetings on potentially unsecure networks are rapidly exposing organizations to data spills or breaches, data loss, and data misuse or accidents.

There are myriad ways that staff members may inadvertently fall prey to scammers. According to Kaspersky, there are many coronavirus-related scams that can compromise systems. These include fake pandemic map web sites that try to steal sensitive data; phishing emails touting important updates and offering links that can infect devices with viruses, malware and spyware; and fake online shops offering in-demand products such as hand sanitizer, face masks, and coronavirus tests, enabling scammers to obtain important passwords and bank details.
 ZDNet reported that Kaspersky found that the number of brute-force attacks targeting RDP endpoints has rocketed globally since the beginning of March. RDP or Remote Desktop Protocol is a proprietary Microsoft technology that enables users to log into remote workstations across the Internet. These attacks increased when most countries imposed quarantines and stay-at-home orders.

This combination of events makes it especially important for organizations to ensure the management and governance of their data. ISACA’s CMMI Data Management Maturity Model (DMM) has grown and evolved to be the resource used by enterprises worldwide to help with this challenge.

For example, the DMM can help organizations address and answer some essential data management questions that can make data more secure whether at rest/stored, transported or being modified. Are your executive stakeholders visibly and actively supporting an organizational data management strategy? Are staff capabilities and resources in place to architect, design and lead the data management and data security program? Is there a commitment to provide training to enable maturity and security of the data management program?

The Data Management Maturity model can also help address other critical data management issues, while not necessarily directly related to security, but are critical to ensuring that the data security approach is sound and effective.  Data quality, as one example, is a key issue in most organizations.  Data cleansing is another example where the DMM provides proven guidance for organizations to use to better manage their data, data operations and data lifecycle management.

There are many bad actors trying to take advantage of the pandemic. Ensuring strong data management, data maturity and data security will help protect your enterprise from them.