
Incorporate protecting restricted information from unauthorized information flow or unauthorized disclosure into the Strategic Information Technology Plan.


CONTROL ID
06491
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Strategic Information Technology Plan., CC ID: 00628

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • There should be secure storage of media. Controls could include physical and environmental controls such as fire and flood protection, limiting access by means like physical locks, keypad, passwords, biometrics, etc., labelling, and logged access. Management should establish access controls to limit… (Critical components of information security 15) v., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Establishing policies and conducting training to minimize the likelihood that organizational personnel would inadvertently disclose sensitive information regarding critical system design, operations, or security controls through social engineering attempts. Any requests for information by unknown pe… (Critical components of information security 24) viii. ¶ 1 n., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Provide clear direction for ICT security goals and policies for personal data protection within the organisation. (Annex A1: Clear accountability 1, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • The information security strategy should help defend the organization against threats by incorporating Information Security incident management as a key element of the strategy. (SG.02.01.03c, The Standard of Good Practice for Information Security)
  • The information security strategy should help defend the organization against threats by incorporating Information Security incident management as a key element of the strategy. (SG.02.01.03c, The Standard of Good Practice for Information Security, 2013)
  • protect authenticators from unauthorized disclosure and modification when stored, used and transmitted. (5.7.1 ¶ 1 (d), Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Customer disclosure and compliance information for retail payment systems using new technologies. (App A Tier 1 Objectives and Procedures Objective 9:2 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Sanitize and minimize information to protect sources and methods. (T0815, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Coordinate with the Chief Information Security Officer to ensure alignment between security and privacy practices (T0917, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Sanitize and minimize information to protect sources and methods. (T0815, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Coordinate with the Chief Information Security Officer to ensure alignment between security and privacy practices (T0917, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization employs {organizationally documented operations security safeguards} to protect key organizational information throughout the system development life cycle. (SC-38 Control, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • This chapter may not be construed as requiring a controller, processor, third party, or consumer to disclose a trade secret. (§ 541.201 (d), Texas Business and Commercial Code, Title 11, Subtitle C, Chapter 541, Subchapter A, Section 541)