As cloud storage adoption grew, so did a set of risks unique to it, which required tailored data security controls, regulations, measures and methodologies to limit data loss and abuse. This category defines and delineates the data security concepts, terms and best practices used to secure organizational data.
One of the common standards, regulations and compliance frameworks, the California Consumer Privacy Act (CCPA) is a state statute that applies to residents of California, United States. Its primary aim is to strengthen privacy rights and consumer protection.
One of the common standards, regulations and compliance frameworks, the Center for Internet Security (CIS) is a nonprofit organization whose guidance carries no legal mandate. Its primary aim is to publish best-practice cybersecurity standards (the CIS Benchmarks and CIS Controls) for a range of IT systems and products.
A Data Protection Policy (DPP) is an organizational security measure that standardizes how data is used, monitored and administered. Its primary objective is to safeguard all data the organization uses, manages and stores. Although not itself mandated by law, such a policy is frequently used to help organizations adhere to internationally recognized data protection rules and standards.
A data breach occurs when information is accessed or copied from a system without the owner's knowledge or consent. The stolen data may include sensitive, proprietary or confidential information, and its exposure can cause financial and reputational harm to the target organization and to the individuals whose data is exposed.
One of the common standards, regulations and compliance frameworks, the Federal Information Security Management Act of 2002 (FISMA) is United States federal law. Its primary aim is to reduce the security risk to federal information and data while managing federal spending on information security.
One of the common data standards, regulations and compliance frameworks, the General Data Protection Regulation (GDPR) is a regulation of the European Union that also applies throughout the European Economic Area. Its primary aims are to enhance individuals' control over and rights to their personal data and to simplify the regulatory environment for international business.
One of the common standards, regulations and compliance frameworks, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States federal law enacted by Congress. Its primary aim is to set out how protected health information (PHI), the individually identifiable health data maintained by the healthcare and health insurance industries, must be safeguarded.
Identity and Access Management (IAM) is the set of business processes, policies and technologies used to manage and oversee electronic or digital identities. IAM frameworks allow Information Technology (IT) administrators to govern which users may access sensitive data and systems within their organizations.
Information Rights Management (IRM) is an IT security control intended to prevent unauthorized access to documents containing sensitive data. IRM applies to documents, spreadsheets and presentations created by individuals, in contrast to traditional Digital Rights Management (DRM), which targets mass-produced media such as songs and films. IRM enforces restrictions on unauthorized copying, viewing, printing, forwarding, deleting and editing of such data, typically by encrypting the file and tying usage rights to the recipient's identity so that the restrictions travel with the document.
One of the common standards, regulations and compliance frameworks, the National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce whose publications become binding on federal agencies through FISMA. The primary aim of NIST SP 800-53 is to provide a catalog of security and privacy controls for US federal information systems other than national security systems. NIST SP 800-171 codifies the requirements that any non-federal system must meet in order to store, process or transmit Controlled Unclassified Information (CUI), or to provide security protection for such systems.
One of the common standards, regulations and compliance frameworks, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded payment cards from the major card schemes. It is mandated contractually by the card brands rather than by law, and is administered by the Payment Card Industry Security Standards Council.
Remediation and mitigation are the outcomes of a risk assessment conducted after a new threat or vulnerability is discovered, for example an Advanced Persistent Threat (APT) campaign. Remediation eliminates the threat or vulnerability where possible, whereas mitigation develops techniques that reduce the negative impact of a threat and the likelihood of a vulnerability being exploited when it cannot be eliminated.
One of the common standards, regulations and compliance frameworks, the System and Organization Controls 2 (SOC 2) report, formerly known as Service Organization Control 2, is a voluntary compliance standard developed by the American Institute of CPAs (AICPA). Its primary aim is to specify how service organizations should manage customer data, assessed against the AICPA Trust Services Criteria.
One of the common standards, regulations and compliance frameworks, the Sarbanes–Oxley Act of 2002 (SOX) is United States federal law. Its primary aim is to establish common practices for financial record keeping and reporting by publicly traded corporations.
Data-use compliance refers to the rules and guidelines that specify how businesses and government bodies must protect customer and employee information from theft, unauthorized access and other harm. It is most often discussed in terms of consumer data, but it applies equally to employee data, financial records and other regulated information.