programming4us

Cloud Security and Privacy : What Is the Data Life Cycle?

12/6/2010 9:07:19 AM
Personal information should be managed as part of the data used by the organization. It should be managed from the time the information is conceived through to its final disposition.

Protection of personal information should consider the impact of the cloud on each of the following phases as detailed in Figure 1.

Figure 1. KPMG data life cycle


The components within each of these phases are:


Generation of the information

  • Ownership: Who in the organization owns PII, and how is the ownership maintained if the organization uses cloud computing?

  • Classification: How and when is PII classified? Are there limitations on the use of cloud computing for specific data classes?

  • Governance: Is there a governance structure to ensure that PII is managed and protected through its life cycle, even when it is stored or processed in a cloud computing environment?


Use

  • Internal versus external: Is PII used only within the collecting organization, or is it used outside the organization (e.g., in a public cloud)?

  • Third party: Is the information shared with third parties (e.g., subcontractors or CSPs)?

  • Appropriateness: Is the use of the information consistent with the purpose for which it was collected? Is the use within the cloud appropriate based on the commitments the organization made to the data subjects?

  • Discovery/subpoena: Is the information managed in the cloud in a way that will enable the organization to comply with legal requirements in case of legal proceedings?


Transfer

  • Public versus private networks: When information is transferred to a cloud, is the organization using public networks, and is it protected appropriately? (PII should always be protected to address the risk level and legal requirements.)

  • Encryption requirements: Is the PII encrypted? Some laws require that PII be encrypted when transmitted via a public network (and this will be the case when the organization is using a public cloud).

  • Access control: Are there appropriate access controls over PII when it is in the cloud?


Transformation

  • Derivation: Are the original protection and use limitations maintained when data is transformed or further processed in the cloud?

  • Aggregation: Is data in the cloud aggregated so that it is no longer related to an identifiable individual (and hence is no longer considered PII)?

  • Integrity: Is the integrity of PII maintained when it is in the cloud?


Storage

  • Access control: Are there appropriate controls over access to PII when stored in the cloud so that only individuals with a need to know will be able to access it?

  • Structured versus unstructured: How is the data stored to enable the organization to access and manage the data in the future?

  • Integrity/availability/confidentiality: How are data integrity, availability, and confidentiality maintained in the cloud?

  • Encryption: Several laws and regulations require that certain types of PII should be stored only when encrypted. Is this requirement supported by the CSP?


Archival

  • Legal and compliance: PII may have specific requirements that dictate how long it should be stored and archived. Are these requirements supported by the CSP?

  • Off-site considerations: Does the CSP provide the ability for long-term off-site storage that supports archival requirements?

  • Media concerns: Is the information stored on media that will be accessible in the future? Is the information stored on portable media that may be more susceptible to loss? Who controls the media and what is the organization’s ability to recover such media from the CSP if needed?

  • Retention: For how long will the data be retained by the CSP? Is the retention period consistent with the organization’s retention period?


Destruction

  • Secure: Does the CSP destroy PII obtained by customers in a secure manner to avoid potential breach of the information?

  • Complete: Is the information completely destroyed? Does the destruction completely erase the data, or can it be recovered?

The impact differs based on the specific cloud model used by the organization, the phase (Figure 1, shown earlier) of personal information in the cloud, and the nature of the organization. The following analysis provides some of these considerations; however, every organization should consider performing a Privacy Impact Assessment (PIA) before embarking on a cloud computing initiative that involves personal information.
