Confidentiality
Learn the importance of data confidentiality within an organization.
We'll cover the following
Importance of confidential data
Though the popularity of social networks has made privacy difficult to maintain, data still needs to remain confidential. This need could be driven by regulatory or legal requirements and could prevent costly data breaches. Ensuring the confidentiality of sensitive data means limiting access to these data
Classify confidential data
The following steps should be used to identify confidential data:
Identify all data that the organization uses and retains. The result of this exercise should be a data inventory or data dictionary.
Understand which regulations and legal requirements the organization needs to adhere to. These requirements should include how confidential data should be defined. There may also be an organizational policy regarding data and data retention. If so, these policies should also be consulted to determine how to define confidential data correctly.
Review the organization’s data inventory (customer name, mailing address, and so on) and assign a confidentiality label to each data item. The labeling should follow the confidentiality labels recommended by relevant regulations and policies.
Take the time to identify all data transmitted and stored. All data used by production networks and systems should be covered. To be thorough, include development and test environments as well. A data classification exercise is worth the effort.
Protect confidential data
By identifying the data’s confidentiality requirements, we can implement the following:
Appropriate controls
Processes
Architectural design
Encrypting data in transit and at rest, for example, is one of the best ways to ensure that this security principle is followed. Encryption by itself isn’t a solution. It also needs to be appropriately implemented.
Get hands-on with 1400+ tech skills courses.