
Information Security and Data Protection Awareness Topics

1.1, 23.11.2023

Information security

General
1. Why is information security important?
2. Key terms (Information, Information Security, Threats, Vulnerabilities, Risks, ISMS, CIA)
3. General requirements and recommendations
4. Password security
5. Spam, phishing, spear phishing, vishing and social engineering
6. Clear desk and clear screen policy
7. Malware
8. Remote work and business trips
9. Safe web browsing
10. Social media use

Company-specific
1. Information security policy
2. External and internal requirements
3. Examples of threats and incidents
4. Roles and responsibilities, IS Committee, CISO, IS team
5. Incident notification and response
6. Information classification, labelling, and handling
7. Information transfer
8. Password and authentication policy
9. Acceptable use policy
   – Equipment (removable media, printers and scanners, BYOD and mobile devices, special equipment, authentication hardware, and other)
   – Corporate services (enterprise file storage, internal portal, corporate email, collaboration platforms (e.g., MS Teams), video conferencing services, remote access and other)
   – Online services (personal email, cloud storage, notes, documents, planners and calendars, translators, social media and messengers, ChatGPT and other)
   – Shadow IT
10. Change management (access rights, new software and hardware)
11. Data backup and recovery
12. Business continuity (Strategy, Plans, and Guidelines)
13. Physical security (badges, access control, secure areas, key management, visitors, evacuation plan, and other)
14. Working in secure areas
15. Taking photos, audio and video recording and live streaming in the workplace
16. Media and public relations policy
17. Education and awareness policy
18. Implementation Plan / Continual Improvement Plan
19. Other policies and procedures

Data protection / Privacy

General
1. Privacy vs Data Protection
2. Why is data protection / privacy important?
3. Key terms (Personal data, Processing, Controller, Processor, Joint controllers, PIMS)
4. General requirements and recommendations
5. Principles relating to processing of personal data
6. Lawfulness of processing
7. Rights of the data subject

Company-specific
1. Data protection policy / Privacy policy
2. Legislation, regulation and supervisory authorities
3. Fines (global, country, and industry)
4. Privacy risks (enterprise level)
5. Roles and responsibilities, Privacy Committee, CPO, DPO/DPM
6. Data breach notification
7. Employee monitoring / privacy in working life (incl. CCTV, DLP, SIEM)
8. Privacy notices and consents
9. Records of processing activities (RoPA)
10. Retention period
11. Responding to requests (SAs, subjects, partners)
12. Data protection impact assessment (DPIA)
13. Data transfer
14. Transfers of personal data to third countries
15. Security of personal data
16. Data protection by design and by default
17. Implementation Plan / Continual Improvement Plan
18. Other policies and procedures

by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001


www.patreon.com/AndreyProzorov
