A common data classification for a zone covers shared availability, confidentiality, integrity, access control, audit, logging and monitoring requirements. Communication is only allowed between systems in adjacent zones. Think about the importance of the data and systems in that particular zone and who should have access to them. As a side effect, systems that are subject to regulatory compliance can be grouped in subzones to limit the scope of compliance checking and therefore reduce the cost and time needed to complete long-winded audit processes. Instead of protecting everything with the same level of protection, you associate systems and information with specific zones. While securing your environment with finer granularity and to better effect, you will also lower the costs associated with it. By using zones, you have an effective strategy for reducing many types of risk. To implement defense-in-depth, you should identify the most valuable data and build layers of defense around it to protect its availability, integrity and confidentiality. A zone is an area having a particular characteristic, purpose or use, and/or subject to particular restrictions. Ultimately, all security is about protecting a valuable asset, in this case data, but that protection involves a defense-in-depth strategy that includes all layers.
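The adjacency rule and the subzone idea above can be checked mechanically against a flow rule set. The following is an added example, not code from the original post; the zone names, their ordering, the host inventory and the sample flows are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed zone ordering, least to most trusted; neighbours in the list are "adjacent".
ZONE_ORDER = ["internet", "dmz", "application", "data"]

# Hypothetical host-to-zone inventory. A subzone such as "data/pci" groups
# regulated systems inside its parent zone to narrow the audit scope.
HOST_ZONE = {
    "edge-proxy": "dmz", "web-01": "dmz",
    "app-01": "application",
    "db-01": "data", "cards-db": "data/pci",
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

def parent_zone(zone: str) -> str:
    """Strip any subzone suffix: 'data/pci' -> 'data'."""
    return zone.split("/", 1)[0]

def zone_distance(src_host: str, dst_host: str) -> int:
    """Number of zone boundaries a flow crosses (0 = same zone)."""
    s = ZONE_ORDER.index(parent_zone(HOST_ZONE[src_host]))
    d = ZONE_ORDER.index(parent_zone(HOST_ZONE[dst_host]))
    return abs(s - d)

def audit(flows):
    """Return (violations, in_scope): flows that skip a zone, and flows touching a subzone."""
    violations = [f for f in flows if zone_distance(f.src, f.dst) > 1]
    in_scope = [f for f in flows if "/" in HOST_ZONE[f.src] or "/" in HOST_ZONE[f.dst]]
    return violations, in_scope

# Constructed sample rule set.
SAMPLE_FLOWS = [
    Flow("edge-proxy", "app-01", 8443),  # dmz -> application: adjacent
    Flow("app-01", "db-01", 5432),       # application -> data: adjacent
    Flow("web-01", "db-01", 5432),       # dmz -> data: skips the application zone
    Flow("app-01", "cards-db", 5432),    # adjacent, touches the regulated subzone
]

if __name__ == "__main__":
    bad, scoped = audit(SAMPLE_FLOWS)
    for f in bad:
        print(f"VIOLATION {f.src} -> {f.dst}:{f.port} crosses {zone_distance(f.src, f.dst)} zones")
    print(f"{len(scoped)} of {len(SAMPLE_FLOWS)} flows fall in compliance scope")
```

Only flows that touch a subzone host land in the second list, which is the scope reduction the paragraph describes for compliance audits.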