Public sector databases contain citizens' data, making them valuable targets. You must assesses the potential impact of compromised data and develop a risk mitigation plan with processes for reducing the risks.
"It is important to consider who has access to data, how much sensitive information is returned when database queries are made and what the physical security surrounding server rooms is," Desouza says.
He notes that you should also develop a communications plan alongside the risk mitigation plan to ensure that messages are accurate and advance the goals of your agency or program. The communications plan should include dealing with press, academia and other agencies.