Has POPI got you worried? Are you unsure of what to do?
Here is a six-step data privacy protection plan for you to follow to ensure your sensitive data stored in your databases is protected and you are compliant with legislation, says Craig Moir, Director of Encryptech.
Step 1: Find and remediate database vulnerabilities
* Security hardening
* Benchmarking
* Patch management
Step 2: Discover sensitive data
* All databases
* Enterprise data inventory
* Classify data
Step 3: Understand who has access to personal information
* Discover and map user access rights
* Remove excess rights and privileges
* Review and approve/reject individual user rights
* Practise the principle of least privilege (POLP)
Step 4: Protect data from unauthorised access
* Secure sys admin accounts
* Database firewall
* Database encryption
* Data masking and redaction
* Web application firewall
* Enforce segregation of duties
* Prevent privileged user abuse
Step 5: Monitor and alert on privileged user activity
* Develop audit policies
* Audit reporting
* Exception alerting and reporting
Step 6: Develop and implement a data privacy protection policy
* Build a successful incident response plan
* Manage data security requirements for new and changing systems
* Preserve current data security amid constant IT landscape changes
* Keep abreast of new security threats
* Create a culture of security within your organisation

For more information on Encryptech's data security services, please contact Encryptech on:
info@encryptech.co.za.
+27 11 593 2394
http://www.encryptech.co.za/