Governance & Risk Management , Privacy , Security Operations

How the Data Security-Privacy Nexus Affects Enterprises

Gartner Exec Nader Henein Explores Its Evolution, Use Cases and Advantages
Nader Henein, vice president analyst, Gartner

The interplay between security and privacy has changed some aspects of data management and protection. For example, in addition to considering the sensitivity of data in isolation, we now need to consider the sensitivity of data in the context in which it is used.

See Also: Effective Communication Is Key to Successful Cybersecurity

Nader Henein, vice president analyst at Gartner, says: "Security has always hinged on the concept of data classification schemes that define how we're going to protect information. Privacy takes that concept and evolves it: It's not just the sensitivity of the information. It's also how it's being used. So it's data sensitivity in the context of its use."

Organizations must get to know their data well, and this does not just mean knowing its sensitivity classification, he says. They must be aware of "what that information is exactly, why it was collected, who is using it within the organization, who it is being shared with, how it is being used, how long it should last within the organization, etc.," Henein says.

He recommends adding metadata around raw information to help protect it in a very specific context.

In this interview with Information Security Media Group, Henein also discusses:

  • The factors driving the union of data security and privacy;
  • How their interconnectedness can assist security and risk management leaders;
  • Balancing the sharing and security of data, especially in a supply chain.

Nader has two decades of experience in the information privacy and data protection sector. His focus area for the past decade has been to understand the core drivers behind data protection regulation and translate them into "practical privacy" for businesses.


About the Author

Brian Pereira

Brian Pereira

Sr Executive Editor - CIO.inc, ISMG

Pereira has nearly three decades of journalism experience. He is the former editor of CHIP, InformationWeek and CISO MAG. He has also written for The Times of India and The Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.