IS – Information Security has a specific Vocabulary. Knowledge of Key Terms enables Clearer Articulation of Governance Requirements. Threat is a Potential Offensive Action that could be taken against an …
Data Security – Goals and Principles
The Goals of Data Security Activities include: Enabling Compliance with Regulations and Policies for Privacy, Protection, and Confidentiality Ensuring that Stakeholder Requirements for Privacy and Confidentiality are Met Enabling Appropriate …
Data Security – Initiation
Let’s begin Information Security by Classifying an Organization’s Data in order to Identify which Data requires Protection. The Overall Process includes the following steps: Identify and Classify Sensitive Data Assets: …
Data Security – CRUD or CRUDE Matrix
A CRUD or CRUDE matrix is a useful way to capture and display activities and permissions within a system. You can use a CRUD matrix to observe how Processes handle …
ISMS – ISO/IEC-27001:2013 – Annex A
ISO = International Organization for Standardization IEC = International Electrotechnical Commission ISMS = Information Security Management System ISO/IEC-27001:2013 is the International Security Standard and Best Practice Guidelines, which details the …
Data Security in Data Management
Rule of Thumb: CIA Triad – Confidentiality, Integrity and Availability. Data Security includes the planning, development, and execution of security policies and procedures to provide proper authentication, authorization, access, and …