The Legal and Regulatory framework used by an organization must be consistent with all laws, regulations, and standards of due care with which the organization must comply, covering all possible forms of data it handles (personal data, special categories of personal data, judicial data, non-personal data). It is up to the organization to define which data it considers sensitive and of high importance, so as to avoid any possible leak.
Operational practices focus on technology-related issues dealing with how people use, interact with, and protect technology. They are subject to change as technology advances and new or updated practices arise to deal with those changes. Typical operational practice areas usually include: Physical Security, Information Technology Security, and Staff Security.
The Financial Stability profile is also considered to involve sensitive financial information. An organization handling customers’ money and responsible for transactions is required to protect the privacy of its customers. The organization’s security policy should explicitly require role-based access to information. Apart from access control mechanisms, this profile also covers the issues of Application and Interface Security, Business Continuity, Encryption, Human Actors, etc.
The Reputation and Loss of Service profile considers a broad range of potential threat sources and allows an organization to identify the threats to its critical assets based on known potential sources of threat such as Human Actors, System Problems, Physical Access problems, etc.
Copyright 2016 CloudWATCH2 has received funding from the European Union's Horizon 2020 programme - DG CONNECT Software & Services, Cloud. Contract No. 644748