ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 22
CONTROL 03
03 - Data Protection
Safeguards Total
14
IG1
6/14
THE SAFEGUARDS
IG2 12/14
IG3 14/14
Develop processes and technical controls to identify, classify, securely
handle, retain, and dispose of data.
3.1
Establish and Maintain a Data
Management Process
3.2
Establish and Maintain a Data
Inventory
Data
Data
3.3
Why Is This CIS Control Critical?
through its entire life cycle. These privacy
rules can be complicated for multi-national
enterprises of any size; however, there are
fundamentals that can apply to all.
Once attackers have penetrated an
enterprise’s infrastructure, one of their
first tasks is to find and exfiltrate data.
Enterprises might not be aware that
sensitive data is leaving their environment
because they are not monitoring data
outflows.
Identify
Configure Data Access Control
Lists
Data
Data is no longer only contained within
an enterprise’s border; it is in the cloud,
on portable end-user devices where users
work from home, and is often shared with
partners or online services that might
have it anywhere in the world. In addition
to sensitive data an enterprise holds
related to finances, intellectual property,
and customer data, there also might be
numerous international regulations for
protection of personal data. Data privacy
has become increasingly important, and
enterprises are learning that privacy
is about the appropriate use and
management of data, not just encryption.
Data must be appropriately managed
Identify
Protect
3.4 Enforce Data Retention
Data
3.5
Protect
Securely Dispose of Data
Data
Protect
3.6
Encrypt Data on End-User
Devices
3.7
Establish and Maintain a Data
Classification Scheme
Data
Data
Protect
Identify
3.8 Document Data Flows
Data
Identify
3.9 Encrypt Data on Removable
Media
Data
Protect
3.10 Encrypt Sensitive Data in
Transit
Data
Protect
3.11 Encrypt Sensitive Data at Rest
Data
Protect
3.12 Segment Data Processing and
Storage Based on Sensitivity
Data
22
Data
78 Percent of Small Businesses that store valuable or sensitive data do not encrypt their data
making it easy for hackers to gain access. There are tools and systems available now that can
cost-effectively manage data protection and encryption across organisations.
Protect
3.14 Log Sensitive Data Access
Data
Did You Know?
Protect
3.13 Deploy a Data Loss Prevention
Solution
Detect
