One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 4574987 |
| Date de publication | 2022-05-11 09:24:18 (vue: 2022-05-10 22:05:34) |
| Titre | Data masking and redaction policy |
| Texte |  Last evening I completed and published another SecAware infosec policy template addressing ISO/IEC 27002:2022 clause 8.11 "Data masking":"Data masking should be used in accordance with the organization's topic-specific policy on access control and other related topic-specific, and business requirements, taking applicable legislation into consideration."The techniques for masking or redacting highly sensitive information from electronic and physical documents may appear quite straightforward. However, experience tells us the controls are error-prone and fragile: they generally fail-insecure, meaning that sensitive information is liable to be disclosed inappropriately. That. in turn, often leads to embarrassing and costly incidents with the possibility of prosecution and penalties for the organisation at fault, along with reputational damage and brand devaluation.The policy therefore takes a risk-based approach, outlining a range of masking and redaction controls but recommending advice from competent specialists, particularly if the risks are significant.The $20 policy template is available here.Being a brand new policy, it hasn't yet had the benefit of the regular reviews and updates that our more mature policies enjoy ... so, if you spot issues or improvement opportunities, please get in touch.As usual, I have masked/redacted the remainder of the policy for this blog and on SecAware.com by making an image of just the first half page or so, about one eigth of the document by size but closer to one quarter of the policy's information value. So I'm giving you about $5's worth of information, maybe $4 since the extract is just an image rather than an editable document. On that basis, similar partial images of the 80-odd security policy templates offered through SecAware.com are worth around $320 in total. It's an investment, though, a way to demonstrate the breadth, quality, style and utility of our products and so convince potential buyers like you to invest in them. |
| Envoyé | Oui |
| Condensat | $20 $320 last 27002:2022 about access accordance addressing advice along another appear applicable approach are around available based basis being benefit blog brand breadth business but buyers clause closer com competent completed consideration control controls convince costly damage data demonstrate devaluation disclosed document documents editable eigth electronic embarrassing enjoy error evening experience extract fail fault first fragile: from generally get giving had half hasn have here highly however image images improvement inappropriately incidents information infosec insecure invest investment iso/iec issues just leads legislation liable like making masked/redacted masking mature may maybe meaning more new odd offered often one opportunities organisation organization other outlining page partial particularly penalties physical please policies policy possibility potential products prone prosecution published quality quarter quite range rather recommending redacting redaction regular related remainder reputational requirements reviews risk risks secaware security sensitive should significant similar since size specialists specific spot straightforward style takes taking techniques tells template templates than them therefore though through topic total touch turn updates used usual utility value way worth yet |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.