Level 36 Level 38
15 words 0 ignored
Ready to learn Ready to review
Check the boxes below to ignore/unignore words, then click save at the bottom. Ignored words will never appear in any learning session.
May impact data classification and handling such as those controlled by data protection
US Sarbanes-Oxley Act
Defines which data records must be stored and for how long.
Information may also need to be
Reclassified based on changes to its importance
prior to a product release
Details of the design, pricing and other information may be confidential and need
Another important consideration for data security is
Defining the data owner
Business information belongs to
Whoever is ultimately responsible for the business process
The data owner
Is usually responsible for determining the data classification and therefore the level of
When classifying data, the following requirements should be considered
Access and authentication,
Access and authentication
Determine access requirements including defining users profiles, access approval
Determine where sensitive data are stored and how they are transmitted.
Utilize controls to warn an affected user that his or her information is about to be used.
Determine the uptime and downtime tolerances for different data types.
Ownership and distribution
Establish procedures to protect data from unauthorized copy and distribution.
Protect data from unauthorized changes using change control procedures and automated monitoring
Determine retention periods and preserve specific versions of software, hardware, authentication