Data Collection, handling and Storage: Control mechanism to ensure data doesn’t fall into the wrong hands.
Six Principles:
- Governance:
- Policy: Level of Sensitivity
- Classify data: Internal Use/ External Use
- Catalog: Where is all our data
- Resilience: Ability to recover data, the plan to do so?
- Discovery: Where all information is? Is the data structured or unstructured?
- Protect:
- Encryption
- Key Management
- Access controls- MFA
- Backups
- Compliance:
- Data Audit
- Deletion of old Data
- Detect:
- Misuse of Data
- Monitoring Data Movement.
- UBA: User behavior Analytics: Deviate from the norm
- Use of analytics
- Alerts, we need to take action.
- Respond: In case we have a data breach how should we respond.
- Cases- Tracking of cases to completion.
- Dynamic Playbooks: Allows to guide the analyst through detect the steps
- Orchestration
- Automate
Guidelines on Data Security Approach.
- Structured Approach
- Holistic view
- Architecture
- PPTs- People Process & Technologies