Please enable JavaScript.

Coggle requires JavaScript to display documents.

Risk Management, Reducing the amount of data that you retain is a great…

- - - - The single loss expectancy (SLE)
        
        exposure factor (EF)
        
        asset value (AV)
      - the annualized rate of occurrence
        (ARO).
      - The annualized loss expectancy
        (ALE)
    - - evaluates the probability and magnitude of several risks on a subjective
        “Low/Medium/High” scale
- - - - is a risk management strategy where we change our business
        practices to completely eliminate the potential that a risk will materialize.
    - - shifts some of the impact of a risk from the organization
        experiencing the risk to another entity
        
        example
        
        purchasing an insurance policy that covers a risk
    - - the process of applying security controls to reduce the
        probability and/or magnitude of a risk
    - - to take no other risk management strategy and to
        simply continue operations as normal in the face of the risk
      - final risk management strategy
- - - - Encryption
        
        Encryption technology uses mathematical algorithms to protect information from prying eyes, both while it is in transit over a network and while it resides on systems
      - Data loss prevention (DLP)
        
        They can act quickly to block the transmission before damage is done and alert administrators to the attempted breach
      - Data Minimization
        
        If we can't completely remove data from a dataset,we can often transform it
        into a format where the original sensitive information is deidentified
        
        data obfuscation
        
        An alternative to deidentifying data is transforming it into a format where the original information can't be retrieved
        
        Tools
        
        Tokenization replaces sensitive values with a unique identifier using a lookup table.
        
        Masking
        
        Hashing
      - Access Controls
    - - Data Ownership
        
        One of the most important things that we can do to protect our data is to
        create clear data ownership policies and procedures.
      - Information Classification
        
        Top Secret information
        
        Secret information
        
        Confidential information
        
        Unclassified information
      - Data Life Cycle
      - Data Sovereignty
        
        Whether an organization builds their own infrastructure or relies on cloud service providers, they commonly distribute customer data across geographically distant data centers to mitigate the risk of an infrastructure failure.
      - Nondisclosure Agreements
        
        It should require that all employees working with that data sign NDAs that prohibit them from sharing that information with unauthorized individuals
      - Training and Exercises