Difference between revisions of "Technical Guidance"

From Cybersec Standards
Jump to: navigation, search
Line 11: Line 11:
 
==== Data Protection ====
 
==== Data Protection ====
 
* Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks
 
* Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks
 +
 +
==== Mobile App Security ====
 +
* [https://github.com/OWASP/owasp-mstg/tree/master/Checklists OWASP Mobile App Security Checklist]
  
 
=== UK Information Commissioner’s Office-Recommended Security Controls: ===
 
=== UK Information Commissioner’s Office-Recommended Security Controls: ===
 
==== Data Protection Impact Assessment (DPIA) ====
 
==== Data Protection Impact Assessment (DPIA) ====
 
* [https://gdpr.eu/wp-content/uploads/2019/03/dpia-template-v1.pdf Data Protection Impact Assessment Template]
 
* [https://gdpr.eu/wp-content/uploads/2019/03/dpia-template-v1.pdf Data Protection Impact Assessment Template]
 
* [https://github.com/OWASP/owasp-mstg/tree/master/Checklists OWASP Mobile App Security Checklist]
 

Revision as of 00:07, 24 July 2020

This is a guide for implementing technical security controls in order to achieve compliance with data protection and privacy laws.

OWASP-Recommended Security Controls:

Access Control

  • If state data must be stored on the client, use encryption and integrity checking on the server side to catch state tampering


Data Integrity

  • Securely implement transaction authorization to protect the transaction integrity

Data Protection

  • Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks

Mobile App Security

UK Information Commissioner’s Office-Recommended Security Controls:

Data Protection Impact Assessment (DPIA)