Understanding Government Access to Data
As I discussed in Chapter 6, The Roles Governments Play in Cybersecurity, often times the term “government” is used in a way that suggests it is one thing. But in reality, governments can be organized into many different parts. In the context of government access to data, it’s important to recognize that specific parts of governments want to use data in ways that support their specific agendas. Narrowing the conversation to these scenarios makes it possible to better understand the risks they might pose to your organization and possible mitigations for them. The more specific we can define a threat, the clearer it becomes whether we can mitigate, transfer, or accept the risk it poses to our organization. Thinking about the US government as a single entity with a single agenda isn’t accurate and isn’t helpful to CISOs, security teams, and executives that are serious about understanding and mitigating risks to their...
