This is a collection of external resources for implementing security controls in compliance with data protection and privacy laws.
Technical Security Controls:
Implement least privilege: restrict users to only the functionality, data and system information required to perform their tasks.
Data records must be protected from unauthorized modification to ensure data quality and integrity.
Data records, especially sensitive data, must be protected from unauthorized access.
Mobile App Security
- OWASP Mobile App Security Checklist
- OWASP Mobile Security Testing Guide (MSTG)
- OWASP Mobile Application Security Verification Standard
- Apple Security Development Checklists
Healthcare Industry Security
- FDA's guidance on cybersecurity for medical devices
- HIPAA Guidance Materials at U.S. Department of Health & Human Services website
Data Protection Impact Assessment (DPIA)
- Data Protection Impact Assessment Template, as recommended by the UK Information Commissioner’s Office