0      0

(ISC)2 Security Congress 2022

2101732 - Why We Fail at Data Security (and How to do Better)

Oct 11, 2022 4:15pm ‐ Oct 11, 2022 5:15pm


Data security sounds simple enough: Find your sensitive data, then protect it. Why, then, is the industry littered with failed programs and shelfware? The main culprit lies in the pervading "first, discover all data" approach. Long, resource-intensive data discovery efforts lead to slow ROI, guesswork KPIs and the inevitable call from leadership asking "What have you actually protected?" It's time for a new approach. Data discovery still has its place, but it is subordinate to data security's true objective—controls to actively protect data, efforts to educate users. Drawing on lessons from actual implementations, lean manufacturing and Agile, we'll explore a framework to protect data better and faster.

Learning Objectives:
  • Articulate the limitations of a discovery-centric data security approach, such as delayed ROI, lack of direction and stakeholder disillusionment.
  • Understand and describe an agile approach to data security, focusing on data-discovery agnostic controls and quickly transforming knowledge gleaned from data discovery into meaningful products and outcomes.
  • Relate constructing a data security programs to concepts that are meaningful to stakeholders and executives, such as ROI / product creation, Lean / Agile methods and inventory management.


  • Zach Luze, Senior Manager, Data Security Advisory, Kudelski Security

You must be logged in and own this session in order to post comments.