杰弗里ziplow.|2019年6月20日
本文最初发布在Patroiod; Gatiodger网站上,可以被浏览这里。
Whether a conglomerate, mid-size enterprise or a small venture with a shoestring staff, if you’re in business, your data must be protected…but what sometimes gets lost in translation is the type of information that needs to be protected, specifically information mandated by federal and/or state statute.
那么,究竟是什么受保护的信息?联邦级别存在许多不同的标准和合规规定,包括河马(健康保险空间和问责法),该法案需要保护和机密处理受保护的健康信息,以及GLB(Gramm-Leach-Bliley)法案,which protects customers’ financial information. But even beyond these regulations, virtually every state has its own set of nuances relating to protected personal information, which can include an individual’s Social Security number, driver’s license number or state-issued identification card number, financial account number, credit or debit card number, passport, and military ID number, just to name a few. Other states are considering digital fingerprints, DNA, and retina scans in their definition of personal information as well.
对于所有业务,了解您在公司内持有的受保护信息至关重要。许多企业不认为他们不存储任何受保护的信息,但在仔细看来,他们会意识到他们确实维护了一些这些识别因素。
一旦确定您拥有此个人或受保护的信息,就必须了解它所在哪里,并且可以访问它。其他重要问题包括如何提供访问权限,以及在该访问中置于哪些控件,以及谁可以复制或删除此信息?Issues about access in particular are critical – for example, if someone in your business gets infected by malware, but they don’t have access to the protected information, this information will probably not be compromised and as a result you may not have been officially breached (another discussion for another day).
