D2 Watermark
Domain 2: Asset Security

Laws - OECD guideline, GDPR, EU-US Privacy Shield

Data Classification
  Government
    Top secret - grave damage
    Secret - serious damage
    Confidential - damage
    Unclassified - available to anyone under the Freedom of Information Act (FOIA)
  Non-government
    Confidential/Proprietary - grave damage [trade secret]
    Private - serious damage [PII, PHI]
    Sensitive - damage [internal network]

Data Roles
  Owner - info classifying, control selection, identify standard, set rules of protection by senior management
  Business owner - balance need of security control (CBA)
  System owner - responsible for the system protecting the data
  Controller - decides what data is processed and how
  Processor - third party handling data on behalf of owner: cloud, healthcare, bank
  Custodian - day-to-day responsibilities of protecting data, IT department
  User - responsible for protection of data in use, due care
  Administrator - grant access

1. Create an Asset Inventory - HW (barcode, RFID), SW (software configuration, AD, LDAP, nmap, software license, DLP), network logs
4. Protect based on classification
5. Assess and Review

2. location - store
3. maintenance - use and share, scrub data and remove data

In motion - TLS/SSL, VPN, link encryption (routing point), end-to-end encryption
In use - RAM, caches, registers

Cloud access security broker (CASB) - monitor user activity and central control to enforce security

Requirements
  Tailoring (fit) - modify controls to align with org's mission, better address org's environment

Destruction (cannot reuse) - SSD acidic spoil, shredding, incineration (burnt), disintegration (pieces), most secure