Accuvant Unveils New Data-Centric Security Framework

DENVER - May 5, 2010 - Accuvant, the only research-driven information security partner delivering alignment, clarity and confidence to enterprise clients, announced today the availability of its Data-Centric Security Framework. This new offering is comprised of several services that will be delivered by Accuvant's Risk and Compliance Management and Technology Solutions teams, which are responsible for helping clients build and manage ongoing programs that pave the way for a healthy compliance posture and utilize the right technologies for their environments.

Accuvant's Data-Centric Security Framework helps clients implement a Data Loss Prevention (DLP) strategy through sensitive data categorization and execution of repeatable security strategies, which can maximize investments in data protection controls and infrastructure. The framework consists of five steps that begin with data ownership and classification and end with a clear and effective data protection program that enables incidents and breaches to be properly handled.

"The first step of Accuvant's Data-Centric Security Framework is to understand and inventory our clients' sensitive data handling and critical system ownership. From this, we can determine the effectiveness of the current security program and system controls, and recommend the services and technologies that should be implemented to close the gap to get them where they need to be," said Doug Landoll, director for Accuvant's Risk and Compliance Management team. "Defining what sensitive information exists, where it resides and how it must be protected is the underlying principle of Accuvant's Data-Centric Security Framework, and ensures that our clients can make the most efficient use of their security dollars."

Accuvant's Data-Centric Security Framework is a departure from traditional DLP projects in that most are centered on the technology and assume that the organization has already defined its data, developed policies and put critical controls in place. Accuvant's Data-Centric Security Framework turns this concept on its head and instead focuses on the sensitive data first, with a review of the existing controls and pragmatic use of available DLP tools and technology thereafter.

Accuvant's Data-Centric Security Framework is structured as follows:

Step 1 - Clarify: This step is for organizations that want to understand the reality of their data, including current threats and concerns, data flows and data protection. Services include:

  • Information Governance Program Development
  • Data Lifecycle Management

Step 2 - Locate: This step is for organizations that want to discover the location of all in-scope sensitive data assets, such as credit card data. Services include:

  • Data Discovery Scanning Exercise

Step 3 - Evaluate: This step is recommended for organizations that need to make functional decisions to deal with discovered data assets. Services include:

  • Preliminary Risk Assessment
  • Effective Data Constraint and Retention

Step 4 - Apply: This step is for organizations with information governance programs that need help selecting the right technology solution for their environment or writing and implementing policies that meet compliance requirements. Services include:

  • Data Protection Program Development
  • Compliance Program Development

Step 5 - Respond: This step of the framework is for organizations that want a highly specialized point solution. Services can include:

  • Post-Implementation Risk Assessment
  • Incident Handling Program
  • Table Top Exercises
  • Incident Response Plan testing
  • Forensics and Analysis

"Our top priority is ensuring the satisfaction of our clients, which includes providing them with the right tools and documentation to effectively communicate their organization's security requirements to senior management. We believe our new Data-Centric Security Framework will be well received by any client considering data loss prevention solutions," added Landoll.

About Accuvant

Accuvant is the only research-driven information security partner delivering alignment between IT security and business objectives, clarity to complex security challenges and confidence in enterprise security decisions.

Accuvant delivers these solutions through three practice areas: Risk and Compliance Management, Accuvant LABS and Technology Solutions. Based on our clients' unique requirements, Accuvant assesses, architects and implements the policies, procedures and technologies that most efficiently and effectively protect valuable data assets.

Since 2002, more than 2,500 organizations, including 35 of the Fortune 100, have trusted Accuvant with their data security challenges. Headquartered in Denver, Accuvant has offices in 27 cities across the United States. For more information, please visit http://www.accuvant.com/, follow us on Twitter: @accuvant, or keep in touch via Facebook: http://tiny.cc/facebook553.