Asset Security

Information Life Cycle

  1.     Acquisition
  2.     Use
  3.     Archival
  4.     Disposal
    
Information Classification
Classification Levels - Commercial Business - highest to lowest

  1.     Confidential
  2.     Private
  3.     Sensitive
  4.     Public
    
Classification Levels - Military purpose - highest to lowest
  1.     Top Secret
  2.     Secret
  3.     Confidential
  4.     Sensitive but unclassified
  5.     Unclassified
    
Classification Controls
Layers of Responsibility

  1.     Executive Management
  2.     CEO
  3.     CFO
  4.     CIO
  5.     CPO
  6.     CSO/CISO
  7.     Data Owner
  8.     Data Custodian
  9.     System Owner
  10.     Security Administrator
  11.     Supervisor
  12.     Change Control Analyst
  13.     Data Analyst
  14.     User
  15.     Auditor
    
Retention Policies

How?
  1.     Taxonomy
  2.     Classification
  3.     Normalization
  4.     Indexing
    
How Long?
  1.     Business Documents - 7 years
  2.     Invoices - 5 years
  3.     Accounts payable and receivable - 7 years
  4.     Human Resource Files - 7 years (employees hired and departed) or 3 years (candidates not hired)
  5.     Tax records - 4 years after the taxes are paid
  6.     Legal correspondence - Permanently
    
What Data?
    e-Discovery
  1.         Identification
  2.         Preservation
  3.         Collection
  4.         Processing
  5.         Review
  6.         Analysis
  7.         Production
  8.         Presentation
    
Protecting Privacy
Data Owners
Data Processors
Data Remanence
  1.         Overwriting
  2.         Degaussing
  3.         Encryption
  4.         Physical Destruction
    Limits on Collection
    
Protecting Assets
    Data Security Controls
  1.         Data at Rest
  2.         Data in Motion
  3.         Data in Use
    Media Controls
  1.         Tracking
  2.         Effectively implementing access controls
  3.         Tracking the number and location of backup versions
  4.         Documenting the history of changes on media
  5.         Ensuring environmental conditions do not endanger media
  6.         Ensuring media integrity
  7.         Inventorying the media on a scheduled basis
  8.         Carrying out secure disposal activities
  9.         Internal and external labeling
        
Data Leakage
Data Leak Prevention

    General Approaches to DLP
  1.         Data Inventories
  2.         Data Flows
    
    Data Protection Strategy
  1.         Backup and recovery
  2.         Data life cycle
  3.         Physical Security
  4.         Security Culture
  5.         Privacy   
  6.         Organizational change
        
    Implementation, Testing, and Tuning 
  1.         Sensitive data awareness
  2.         Policy Engine
  3.         Interoperability
  4.         Accuracy
    
    DLP Resiliency
        
  1.     Network DLP
  2.     Endpoint DLP
  3.     Hybrid DLP

Protecting Other Assets
  1.     Protecting Mobile Devices
  2.     Paper Records
  3.     Safes
