Difference between revisions of "Technical Guidance"

From Cybersec Standards
Jump to: navigation, search
Line 1: Line 1:
This is a collection of external resources for implementing security controls in order to achieve compliance with data protection and privacy laws.
+
This is a collection of external resources for implementing security controls in compliance with data protection and privacy laws.
  
 
=== Technical Security Controls: ===
 
=== Technical Security Controls: ===
 
==== Access Control ====
 
==== Access Control ====
* If state data must be stored on the client, use encryption and integrity checking on the server side to catch state tampering
+
Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks.
*[https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html OWASP Cryptographic Storage Cheat Sheet]
+
 
 
* [https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html OWASP Access Control Cheat Sheet]
 
* [https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html OWASP Access Control Cheat Sheet]
  
 
==== Data Integrity ====
 
==== Data Integrity ====
* Securely implement transaction authorization to protect the transaction integrity
+
Data records must be protected from unauthorized modification to ensure data quality and integrity.
  
 
==== Data Protection ====
 
==== Data Protection ====
* Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks
+
Data records, especially sensitive data, must be protected from unauthorized access.
 +
 
 +
*[https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html OWASP Cryptographic Storage Cheat Sheet]
  
 
== Healthcare Industry Security ==
 
== Healthcare Industry Security ==

Revision as of 06:19, 25 July 2020

This is a collection of external resources for implementing security controls in compliance with data protection and privacy laws.

Technical Security Controls:

Access Control

Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks.

Data Integrity

Data records must be protected from unauthorized modification to ensure data quality and integrity.

Data Protection

Data records, especially sensitive data, must be protected from unauthorized access.

Healthcare Industry Security

Mobile App Security

Privacy Compliance:

Data Protection Impact Assessment (DPIA)

Privacy and Anonymity