Taking a holistic view at data protection


Whenever you hear the mantra of holistic medicine most people cringe and hide under the bed.   Maybe it has been pushed for so long that it no longer has the impact that it use to have.   A holistic attitude to health is just a combination of exercise, good eating, resting and if necessary the right drugs to get your body and mind all working in the same direction.

In the ICT world this is all the same.    Taking a holistic view of data protection, cyber prevention and a stand against cyber crime, we are also taking a holistic view on the solution.    A holistic view of this is to use a framework to protect your critical data and infrastructure.

How to be holistic and still protect your business

A combination of the following features are included in the holistic outlook for business protection.

 Technology – all of the technology that you use within your business that has a protective and business role.   This includes your front facing systems, the systems that connect it all together and the applications and operating systems that your use to create wealth within your business.

 Management – these are the management components of your business.   They include the policies, procedures and processes you use to create an advantage over your competitors air how you generate your pricing structure.   It also includes auditing and reporting as well as training.

 Adaptability – this is your resilience component.   Making sure that if something does happen that the business is in a place to recover and keep on going.   This facet includes risk management, business continuity and disaster recovery.  It also includes the cyber resilience that is needed in today’s business world.

 Compliance – we all have some level of compliance within your business.   Some businesses only have a taxation requirement but there are other businesses that have a burden of regulation restrictions.

 Working out what needs to be protected

One of the most important components of a holistic outlook for your business is to make sure that you have done a risk analysis on what YOU need to protect within your business. It is no longer a cut and dried process.  It is no longer a cookie cutter process of one fits all.   Each business is different, each business has a different emphasis on its processes and procedures.   Each business has a different outlook on what it considers successful.

 This is why a holistic attitude to your business security will work.   It is not based on what the other businesses in your area are doing.   Both geographic and similar businesses need to be able to put what they consider the right combinations and requirements in place.

 Each business is different, each business is the same.   This is different from burying your head in the sand and saying it will not happen to me.    This is a concerted look at your business requirements and your protective envelope and making sure that you are protecting your business, your staff and your clients in the best way possible.


A holistic attitude to business security is not something that has to be done straight away.   It is more an attitude change.   One super widget is not going to be the total solution for your business, although most people assume that it is.   A holistic attitude takes into account all of the requirements for a cyber security solution but by using a large number of inexpensive components and processes.

 A holistic protective system is like using chain mail.   It is flexible but it also protects the wearer from attack.   How you build that suit of armour is up to you.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.