CASP+ Data consideration - Coggle Diagram
CASP+
Data consideration
Data security
CIA
Integrity
how correct
hash + checksum
FAIL
unauthorized modify
Confidentiality
how secure
ACL
data classification
guard
encrypt at rest, in transit
FAIL
unauthorized can obtain && view
Availability
how much uptime
redundancy data path
backup
FAIL
cannot access when need
Categorize impact
low, medium, high
Data classification
Based on: value & sensitivity
Sector
Commercial
Public
Sensitive
minimal impact
org finance data
Private
Confidential
trade secret
source code
intellectual property data
Government
Unclassified
public (Freedom of Information Act - FOIA)
Controlled unclassified
protected from public
medical record
personnel files
Confidential
trade secret
damage national
Secret
military deployment plan
defensive posture
seriously damage national
Top secret
blueprint weapon (gravely damage national)
Data types
PII (Personally Identifiable Information)
name, birthday, social security number
Health data
protected by law: HIPAA (1996)
PHI (Protected health information)
Financial data
Intellectual property
Copyright
Patent
Trademark
Trade secret
Data format
Structured
CSV, Excel
Unstructured
chat, PowerPoint
Data state
Data at rest
Data in motion
Data in use
Data retention
business policy && law && regulation
Law: Sarbanes-Oxley Act
type
short term
long term
backup
business continuity plan (BCP)
recovery point objective (RPO)
Data preservation
Data destruction
type
data removal
quick & easy
data destruction
data sanitization
verification data erased
physical destruction
Data ownership
Data owner
know more about data
Data steward
focus on quality of data & metadata
Data custodian
handle management system where data store
Privacy officer
Data sovereignty
GDPR (EU)