https://github.com/qeeqbox/data-privacy-and-security
### Data States

Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)

#### At rest

Data currently stored on a storage medium

* Protection
  * Encryption (Endpoints, File Servers\\Shares, Databases)
  * DLP (Endpoints, File Servers\\Shares)
  * MDM (Mobile Device Storage)
  * CASB (Cloud Storage)

#### In use

Data is actively being accessed and processed by application\\services\\users

* Protection
  * Rights Management for public, private, and restricted data using DRM, IRM, etc. (desktop\\web\\collaboration\\mobile apps, databases, etc.)

#### In transit

Data is moving from one point to another

* Protection
  * Encryption (Email)
  * DLP (Email, Uploads, Downloads)
  * CASB (Cloud applications)
  * Rights Management for public, private, and restricted data using DRM, IRM, etc. (desktop\\web\\collaboration\\mobile apps, databases, etc.)

* * *

### Data Classification

Data classification defines and categorizes data according to its type, sensitivity, and value. It helps ensure data confidentiality and integrity and makes data easier to locate and access (organizations usually design their own data classification models and categories)

* * *

### Data Type

#### Content-based

Classification based on reviewing each piece of data and looking for sensitive information

#### Context-based

Classification based on metadata and environmental information (Indirect indicators of sensitive information) like the application or the person that created the document

#### User-based

Classification based on a person's discretion and knowledge (User needs to know what's inside the document)

* * *

### Military

#### Top Secret

Data requires the highest degree of protection, and disclosure of it would cause exceptionally grave damage to national security

* Policy for conducting intelligence

#### Secret

Disclosure of it would cause serious damage to national security

* Indications of weakness

#### Confidential

Disclosure of it would cause damage to national security

* Intelligence reports

#### Sensitive

Data is not classified, and disclosure of it would cause limited damage to national security

* For Official Use Only (FOUO)
* Limited Official Use (LOU)
* Official Use Only (OUO)

#### Unclassified

Data is not classified and non-sensitive

* * *

### Commercial

#### Restricted

Highly sensitive data; access is restricted to specific individuals or authorized third parties (disclosure of it would lead to permanent damage)

* SSN
* Credit cards
* Criminal Record
* Medical info
* Biometric data

#### Confidential

Sensitive data that is team-wide; disclosure of it would harm the organization's operations

* Vendor contracts
* Employees salaries
* Names, addresses, and dates

#### Sensitive

Non-sensitive data that is organization-wide and must not be disclosed to anyone outside the organization

* Internal policies
* Internal user guides
* Organizational charts
* Project documents

#### Public

Information that can be disclosed to anyone

* Public API documents
* Job titles and names
* Open API Data
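The Data Type section above describes three ways to classify a document (content-based, context-based, user-based), and the Commercial section defines the tiers a classification lands in. The following Python script is an added example, not part of the original README, that combines all three approaches and resolves them to the most restrictive commercial tier. The detector patterns (a simplified SSN format, a 16-digit card format checked with Luhn, a couple of keywords), the metadata keys (`source_app`, `path`, `user_label`) and the application names are constructed for the demo; a real DLP or classification engine would carry far richer rule sets.

```python
import re

# Commercial tiers from the README, most restrictive first
TIERS = ["Restricted", "Confidential", "Sensitive", "Public"]

# Content-based detectors (constructed, simplified patterns for the demo)
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD16_RE = re.compile(r"(?<![\d-])\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}(?![\d-])")
KEYWORDS = {            # keyword -> tier, following the README's examples
    "salary": "Confidential",
    "vendor contract": "Confidential",
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to reject random 16-digit numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def content_findings(text: str) -> list[tuple[str, str]]:
    """Content-based: inspect the data itself for sensitive values."""
    findings = []
    if SSN_RE.search(text):
        findings.append(("Restricted", "SSN pattern found"))
    for m in CARD16_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append(("Restricted", "credit card number (Luhn valid)"))
            break
    lowered = text.lower()
    for keyword, tier in KEYWORDS.items():
        if keyword in lowered:
            findings.append((tier, f"keyword '{keyword}'"))
    return findings


def context_findings(metadata: dict) -> list[tuple[str, str]]:
    """Context-based: indirect indicators such as the creating app or storage location."""
    findings = []
    app = metadata.get("source_app", "").lower()
    if app in {"hr-payroll", "crm"}:              # constructed application names
        findings.append(("Confidential", f"created by {app}"))
    path = metadata.get("path", "")
    if path.startswith("/intranet/"):            # constructed share layout
        findings.append(("Sensitive", "stored on intranet share"))
    elif path.startswith("/public/"):
        findings.append(("Public", "stored on public share"))
    return findings


def user_findings(metadata: dict) -> list[tuple[str, str]]:
    """User-based: a label the author applied by hand, only if it is a known tier."""
    label = metadata.get("user_label")
    return [(label, "user-assigned label")] if label in TIERS else []


def classify(text: str, metadata: dict) -> tuple[str, list[str]]:
    """Combine all three methods; the most restrictive finding wins.

    With no findings at all the document is treated as internal ("Sensitive"),
    so nothing silently becomes Public by omission.
    """
    findings = content_findings(text) + context_findings(metadata) + user_findings(metadata)
    if not findings:
        return "Sensitive", ["no findings, default to internal"]
    tier = min((f[0] for f in findings), key=TIERS.index)
    return tier, [f"{t}: {why}" for t, why in findings]


if __name__ == "__main__":
    # Constructed sample documents
    samples = [
        ("Customer SSN 123-45-6789 on file", {}),
        ("Order paid with card 4111 1111 1111 1111", {"path": "/intranet/orders/1.txt"}),
        ("Card on file: 4111 1111 1111 1112", {}),          # fails Luhn, not a card
        ("Q3 salary review", {"source_app": "HR-Payroll"}),
        ("Release notes", {"path": "/public/www/notes.html", "user_label": "Confidential"}),
    ]
    for text, meta in samples:
        tier, reasons = classify(text, meta)
        print(f"{tier:13} <- {text!r} ({'; '.join(reasons)})")
```

The "most restrictive wins" rule is deliberate: a user label can raise a document's tier but never lower a tier that a content match established, which is the usual posture when a DLP match and a human label disagree.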

* * *

### Privacy

The right to control, access, and regulate your personal information (What info is protected)

* * *

### Security

Safeguarding your personal information (How your info is protected)

* Confidentiality
* Integrity
* Availability

* * *

### Privacy and Security Examples

* Both privacy and security are maintained
  * Encrypted personal info in a bank is safe and protected
* Privacy is compromised, and security is maintained
  * Encrypted personal info is sold by the bank
* Privacy is maintained, and security is compromised
  * Encrypted personal info in a bank is stolen
* Both privacy and security are compromised
  * Encrypted personal info in a bank is stolen, decrypted and sold on the dark web

* * *

### CIA Triad

* Confidentiality
  * Data should not be accessed without permission (Data is stored in a safe place)
  * Sending a message to a specific target
* Integrity
  * Data should not be modified by unauthorized users (Data is reliable and accurate)
  * Sending a message to a specific target and ensuring that the target receives the exact message without being tampered with
* Availability
  * Data should be available to authorized users whenever they need it (Data is available when needed)
  * Sending a message and a specific target is able to receive it
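The integrity bullet above is usually implemented with a message authentication code: the sender attaches an HMAC computed with a shared key, and the receiver recomputes it and refuses any message whose tag does not match. The Python below is an added example, not code from the README or its author; the shared key and the messages are constructed for the demo, and the comparison uses `hmac.compare_digest` so tag checking does not leak timing information.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> str:
    """Sender side: compute an HMAC-SHA256 tag over the exact message bytes."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    Returns False if the message, the tag, or the key differs from what the
    sender used, which is exactly the 'tampered in transit' case.
    """
    expected = make_tag(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> tuple[bool, bool]:
    """Constructed exchange: one honest delivery, one message altered in transit."""
    key = secrets.token_bytes(32)                  # constructed shared secret
    original = b"transfer 100 to account 42"
    tag = make_tag(key, original)                  # sender attaches this tag

    tampered = b"transfer 900 to account 42"       # modified by a third party
    return verify(key, original, tag), verify(key, tampered, tag)


if __name__ == "__main__":
    ok, tampered_ok = demo()
    print("original accepted:", ok)                # True
    print("tampered accepted:", tampered_ok)       # False
```

Note that HMAC alone gives integrity and authenticity, not confidentiality: the message travels in the clear, so the confidentiality bullet still needs encryption on top, and availability needs measures (redundancy, rate limiting) that no cryptographic tag provides.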