Here are a number of classifications which may be useful.
Public Data
This includes information that is published to a website and is available to the general public. Examples are general product or company information. The main security drivers here are probably corporate governance rules and general good web security practices (OWASP Top 10). Confidentiality is not really an issue, as you want people to see the data. However, integrity is important: malicious users should not be able to change it.
Public data is usually either purely static or database driven. For static HTML the main risk to be addressed is OWASP Top 10 - Security Misconfiguration (A6). For a database-driven website, the main risks are the standard injection and validation issues (OWASP Top 10 A1, A2, etc.).
Personal Data
If your website processes names and addresses, then your application will need to comply with local Personal Data legislation. This is probably the most common type of classification. EU countries have implemented the European Data Directive (Directive 95/46/EC) into national legislation. The Information Commissioner's Office is responsible in the UK. In Ireland it is managed by the Data Protection Commissioner. Other EU countries will have corresponding bodies.
In the US state of Massachusetts the relevant law is "201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH", which has been in force since March 2010.
You should become familiar with the relevant data protection legislation in your jurisdiction.
Payment Cards
If you "store, process or transmit" payment card information, your application will need to comply with the Payment Card Industry - Data Security Standard (PCI DSS). Requirement 6 is the main one for web application security, although many of the requirements apply.
Money
This is a broad category covering applications such as online banking. There are many security drivers here, such as the Federal Deposit Insurance Corporation (e.g. on multiple factor authentication), the European Payments Council, etc.
Intellectual Property
For intellectual property, the main security driver will be corporate governance rules and internal organisation standards.
Summary
Those are just some data classifications which you can use in determining the security requirements that your application needs to meet. There are many more, depending on the sector that you are in.
Your company or organisation may have internal standards or policies that your application will need to comply with. In fact, this is the first item you should research. This applies especially to larger or multinational organisations.
To summarise, if you are starting out on a new web development project, one of the first things you should do is to classify the type of data that your application will be processing. The classification will help you identify the security requirements that your application will need to meet.
Excellent post, really useful summary.
Toby, You say all the nicest things! Alexis
I thoroughly enjoyed reading this insightful article on data classification and security by Alexis Fitzg. The comprehensive overview of the importance of data classification in safeguarding sensitive information is not only relevant but also enlightening. The author's expertise shines through, making complex concepts accessible to readers.