Establish Handling Requirements
Handling, sharing, and allowing access to an asset or a set of assets must be governed by the confidentiality, integrity, and availability requirements of those assets. In this part of the tutorial, we'll look at how to establish handling requirements and what they should cover.
Appropriate policies and procedures should be established for handling sensitive assets.
Here are some of the best ways to handle sensitive information:
Secure disposal of media: Shredding in the case of paper documents and pulverizing in the case of digital media are some of the methods used in media disposal.
Labeling: A good approach is to tag sensitive data, but the label should be written in such a way that it does not reveal the contents of the data.
Access Restrictions: Data access restrictions should be designed so that an unqualified person cannot access the data.
Authorized Recipient’s Data: Recipients who are authorized to access the data should be documented and approved.
Data Distribution: A mechanism should be designed to ensure that the data is provided only to authorized people, according to the list of authorized recipients.
Clear Marking: Marking on sensitive data has to be clear and understandable for appropriate identification and handling.
Review of Distribution Lists: Distribution lists (authorized individuals) must be periodically reviewed – and, if necessary, updated.
Publicly Available Sources: There should be a mechanism of appropriate controls that constantly check that sensitive data is not and will not be published in public repositories or websites.