1. Though the data life cycle model does not specify requirements for location and access, these three factors are essential in planning the implementation of security controls.
2. Actors: who might compromise data
+ Non-malicious insiders.
+ Malicious outsiders.
+ External intruders.
3. Locations: where is the data stored/processed/transmitted
+ Jurisdiction
+ Audit
+ Threat landscape
+ What actors have access to the data
+ Does data move between locations and how?
4. Access
+ Who has access to the data
+ What controls are in place
+ What devices can be used to access data
Tying it Together
At this point, we are able to produce a high-level mapping of data flow, including device access and data locations. For each location, we can determine the relevant function and actors. Once this is mapped, we can better define what to restrict from which actor and by which control.
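
One way to express this mapping in code, as an added example that is not part of the original notes. Every actor, device, location, function and control name is a constructed placeholder; the sketch compares what each actor can do against what policy allows and lists the restrictions that still have no control assigned.

```python
from collections import namedtuple

# One row of the data-flow map: who, from which device, where, doing what.
Access = namedtuple("Access", "actor device location function")

# Constructed sample data (hypothetical names, not from the original notes).
POSSIBLE = [  # what each actor is technically able to do today
    Access("employee", "managed-laptop", "saas-crm", "read"),
    Access("employee", "personal-phone", "saas-crm", "read"),
    Access("employee", "managed-laptop", "object-store", "delete"),
    Access("contractor", "personal-laptop", "object-store", "read"),
    Access("contractor", "personal-laptop", "object-store", "share"),
]

ALLOWED = {  # what policy says each actor may do
    Access("employee", "managed-laptop", "saas-crm", "read"),
    Access("contractor", "personal-laptop", "object-store", "read"),
}

CONTROLS = {  # control chosen to enforce restrictions per (location, function)
    ("saas-crm", "read"): "conditional access (managed devices only)",
    ("object-store", "delete"): "role-based access control",
}


def restrictions(possible, allowed, controls):
    """Return one row per access that is possible but not allowed,
    paired with the control assigned to block it (None if unassigned)."""
    rows = []
    for a in possible:
        if a in allowed:
            continue  # permitted by policy, nothing to restrict
        control = controls.get((a.location, a.function))
        rows.append((a.actor, a.device, a.location, a.function, control))
    return rows


def uncovered(rows):
    """Restrictions that no control enforces yet: the gaps to close first."""
    return [r for r in rows if r[4] is None]


if __name__ == "__main__":
    table = restrictions(POSSIBLE, ALLOWED, CONTROLS)
    for actor, device, location, function, control in table:
        print(f"{actor:<11}{device:<16}{location:<13}{function:<7}"
              f"{control or 'NO CONTROL ASSIGNED'}")
    print("gaps:", len(uncovered(table)))
```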