Take a Product Tour Request a Demo Cybersecurity Assessment Contact Us

Blogs

The latest cybersecurity trends, best practices, security vulnerabilities, and more

Data Security - A Hero's Journey

Our story begins when our Hero, Axel Street, assumes the Chief Information Security Officer role for the National Superhero Keeper Agency (NSKA).

Axel has always dreamed of giving back to the Superhero Community, and protecting the NSKA’s information is just that chance.


Axel first meets Gaurav Khan, NSKA’s Chief Information Officer. Gaurav was not in as good of a mood as Axel. Gaurav began pressing him on the agency’s Zero-Trust initiative.

“We haven’t implemented advanced Data Security solutions, like DLP.” ~ Gaurav


Axel reached out to his Information Security Manager, Binary, to get the back story on DLP. Binary explained that they had no idea what data they were supposed to protect. He also mentioned that out-of-the-box rules from DLP Vendors threw such a massive number of false positives that they couldn’t research any incident.


Now ready for battle, Axel consults with his AI Assistant Findlay.

Findlay. explains the key challenges of DLP.

  • Vague Legal Guidance
  • Effective Data Governance
  • Data Asset Inventories
  • Building a Data-Driven Culture
  • Incorporating Security Operations

Findlay recommended that he utilize one of NSKA’s allies, Trellix Professional Services, to help resolve their DLP challenges.

Trellix assigns Ice Storm to the engagement.


Ice Storm explains to Axel that other departments are more than likely working through similar challenges. When you need to understand and protect the data, start with your Chief Data Officer.


Axel and Ice Storm meet with the NSKA CDO, Rain Maker.

They discuss the NSKA’s:

  • Data Strategy,
  • Identifying Trade Secrets,
  • The maturity of their Data Governance initiatives, and if they have assigned any roles and responsibilities.
  • Building a Data-Driven Culture

Rain Maker mentions that their Data Strategy aims to enhance customer experiences by utilizing a segmentation strategy focused on their Superhero Identity Management System for SIMS Agents.


Rain Maker also shared a rough draft of a Data Governance chart for our heroes to work from and conduct a Data Security Centric Data Asset Inventory.


Working off the Data Governance Org Chart, Ice Storm wants to meet with the Legal/Chief of Compliance/Risk Management Team to review:

  • Legal Regulatory Compliance
  • Critical Data Elements (CDE)
  • Data Risk Assessments
  • Data Sharing Agreements

Alouette determined that Secret Superhero Information (SSI) was the highest risk and that we should start with Data Domains that deal with SSI.


Since the SIMS Agents are our most critical Business Unit in our Data Strategy, Ice Storm and Axel Street start with Croix the head of the SIMS Agents department.

They ask how they use sensitive data in their daily operations with a key focus on:

  • Where they consume the data
  • Where they store the data
  • Who they share the data with

Our heroes then interview Depth Charge, the Data Operations Manager, to gain a better understanding of the data in SIMS.To improve policy development, our heroes should clearly understand several data operation processes.

  • Data Flow Maps
  • Data Storage Types
  • Data Operations and Quality Processes
  • Metadata Management
  • Data Consumers

Our heroes then work with the DevOps Manager for SIMS, the Dynasty. Ice Storm needs to know about source code repositories, Data Consumers, and Metadata Management.

Ice Storm explains that Trade Secrets like source code for SIMS can be stolen and fuzzed, exposing SSI Data.


Axel and Ice Storm present their discovery to Binary to implement pilot DLP rules for SSI, and the vision becomes clearer.


In Joseph Campbell's original concept of the hero's journey, he outlined several stages that a hero typically goes through, and encountering helpers and mentors is a key part of this process.

Trellix Professional Services is here to assist you in your pursuit of your Data Security initiatives, ensuring optimal results. Throughout this series, we will delve into Axel's journey by exploring components in greater detail through individual episodes.

Get the latest

Stay up to date with the latest cybersecurity trends, best practices, security vulnerabilities, and so much more.
Please enter a valid email address.

Zero spam. Unsubscribe at any time.