Endpoint Data Security Controls

Introduction

Data security controls ensure that only those permitted to access a specific piece of data are able to access it. Data security control techniques include encryption, masking and erasure.

Encryption

See endpoint-encryption

FISMA Compliance

FISMA (the Federal Information Security Management Act) has a set of requirements to ensure your data is secure. The National Institute of Standards and Technology Special Publication 800-53 has a set of guidelines for achieving FISMA compliance. These include:

  • Create an inventory of information systems
  • Select applicable security controls
  • Implement the security controls
  • Assess the security controls
  • Authorize the information systems
  • Monitor the security controls

PCI Compliance

The PCI Security Standards Council is an organization that sets security standards designed to ensure that all companies maintain a secure environment for the use and transmission of credit card information. While the scope of PCI compliance is large, the official PCI v4 standard lists a few best practices designed to help with the everyday use of credit card information:

  • Review logged data frequently (information on how this can be done on Windows can be found here)
  • Ensure that all failures in security controls are detected and responded to promptly
  • Review changes that could introduce security risk
  • Perform risk assessment
  • Review external connections and third-party access (information on how to do this can be found here)

More information can be found here

Standards for High Risk Digital Data Protection v. 6

Virginia Tech has a list of standards used in the protection of high risk digital data. A full in-depth breakdown of these standards can be found here. Some of these standards utilize techniques explained in these documents, including: