Privacy / Security Requirements
General
This field has a drop down for the parameters listed below. These represent commonly used parameter labels for data discovery but can be added to on the List Reference tab of the IDS.
Privacy / Security Requirements
In this field, we are seeking to Identify the Privacy and Security Requirements for our data. This will impact the way the data is accessed stored and shared within our organization.
Privacy and Security requirements dictate how we safeguard our information from unwarranted access, how we ensure its accuracy and completeness, and how we guarantee its availability to authorized personnel when they need it. These requirements help create an environment of trust and accountability in data handling and make certain that actions are verifiable and indisputable.
In essence, they are the pillars that uphold the integrity of a system and provide the framework for investigating potential security breaches. In the forthcoming sections, we will explore these categories and their significance in-depth in the section on Cyber Security, equipping you with the knowledge to effectively manage your company's data security and privacy needs, but for the purposes of the IDS we will limit our categories to the following. These categories while general provide guidance for setting up access levels, sharing, and grouping policies.
Best Practices
- Confidential- Information classified under this category requires measures to prevent unauthorized access or disclosure.
- Read-Only- This refers to the protection of data accuracy and completeness, allowing users to view but not alter the information.
- Accessible- Information in this category must be readily available to authorized users when needed.
- Accountable- This category emphasizes tracking and monitoring user access to ensure responsible use and to quickly identify potential security breaches.
- Verifiable- Information in this category requires measures to prevent users from denying their actions, thereby preserving system integrity and supporting investigations into potential security breaches.
Understanding Good Stewardship
Privacy needs to be planned as early as possible and MAINTAINED consistently. Typically, security goes without notice until there is a breach so making consistency and maintenance a priority can be difficult. Holding education sessions can keep people focused and should be a part of your overall data stewardship plan.