
Developing a Data Protection Compliance Program – Verizon’s 9-5-4 Model


In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading), I was delighted to find an excellent guide on the 9-5-4 model, a means by which an organization can measure and improve its data protection program. It also details ways in which a company can measure the maturity of the program. What I appreciated most about this guidance was that it is broadly applicable. It works well with a data protection compliance program as well as with any program you may want to measure. The working details will be different, but the concepts are extremely flexible.

The 9-5-4 model is very simple and easily applied: nine (9) factors of effective data protection controls, five (5) constraints, and four (4) lines of assurance. The factors are assessed against the constraints for each line of assurance. This forms a handy matrix and a quick visual guide for which factors are healthy, which are in need of help, and what kind of help they need. The lines of assurance pinpoint where that help should be applied.

The 9 Factors of the 9-5-4 Model

  1. Control environment
    The sustainability and effectiveness of controls depend on a healthy control environment.
  2. Control design
    Proper control operation to meet security control objectives depends on sound control design.
  3. Control risk
    Without ongoing maintenance (security testing, risk management, etc.), controls can degrade over time and eventually break down. Mitigation of control failures requires integrated management of control risk.
  4. Control robustness
    Controls operate in dynamic business and ever-changing threat environments. They must be robust to resist unwanted change to remain functional and perform to specifications (config standards, (Read more…)


