Designing Data Classification and Secure Store Policy According to SOC 2 Type II

Deineka, O., Harasymchuk, O., Partyka, A., Obshta, A. and Korshun, Natalia (2024). Designing Data Classification and Secure Store Policy According to SOC 2 Type II. Cybersecurity Providing in Information and Telecommunication Systems 2024, 3654, pp. 398-409. ISSN 1613-0073

Full text: O_Deineka_O_Harasymchuk_A_Partyka_A_Obshta_N_Korshun_CPITS_3654_2024.pdf (573 kB)
Official link: https://ceur-ws.org/Vol-3654/

Abstract

This paper discusses the design of a data classification policy for SOC 2 Type II compliance. SOC 2 Type II is a significant certification that attests to a service organization's ability to meet the Trust Services Criteria, which encompass security, availability, processing integrity, confidentiality, and privacy. Data classification is a critical first step in establishing a robust data security strategy: it helps organizations understand what data they hold and assigns a level of sensitivity to that data, which in turn determines the security controls that should be applied. The main objectives of data classification are to organize and manage data in a way that enhances its protection and aligns with the organization's overall data security strategy. Data security plays a pivotal role in the data classification process, as it directly influences how classified data is protected and managed. Designing a data classification policy for SOC 2 Type II compliance involves several challenges and considerations that organizations must navigate to effectively protect sensitive information and maintain the integrity of their service delivery. These include understanding the scope of data, aligning with the Trust Services Criteria, balancing security with usability, training and awareness, regular updates and reviews, defining classification levels, ensuring consistency, automating classification, integration with other policies and controls, dealing with third-party vendors, monitoring and enforcement, and legal and regulatory compliance.

Item type: Article
Keywords: SOC 2 Type II; data classification; data security; access management; storage
Typology: Articles in databases > Scopus
Divisions: Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing user: Pavlo Mykolaiovych Skladannyi
Date deposited: 09 Apr 2024 07:14
Last modified: 09 Apr 2024 07:14
URI: https://elibrary.kubg.edu.ua/id/eprint/48590