Technical Guidance

From Cybersec Standards
Jump to: navigation, search

This is a guide for implementing technical security controls in order to achieve compliance with data protection and privacy laws.

OWASP-Recommended Security Controls:

Access Control

  • If state data must be stored on the client, use encryption and integrity checking on the server side to catch state tampering

Data Integrity

  • Securely implement transaction authorization to protect the transaction integrity

Data Protection

  • Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks

Mobile App Security

UK Information Commissioner’s Office-Recommended Security Controls:

Data Protection Impact Assessment (DPIA)