
Chapter 7 DXP Information Security

Table 7-1. (continued)

| Security Concern | Public | Private | Confidential |
|---|---|---|---|
| Integrity (to prevent information modification) | • Minimal or absence of integrity checks | • Integrity checks should be conducted during data transmission. • During transport and authentication, use certificates created by reputed certificate authorities (CA). • Checksums should be enforced for data. | • Integrity checks should be conducted during data transmission. • During transport and authentication, use certificates created by reputed certificate authorities (CA). • Checksums should be enforced for data. |
| Confidentiality (to prevent data loss and data theft) | • Not needed | • Should be strictly protected. • Should comply with all security and privacy laws and regulations. • Encryption should be enforced by default. | • Should be strictly protected. • Should comply with all security and privacy laws and regulations. • Encryption should be enforced by default. |
| Incident response | | • Inform the impacted users upon data loss or data leakage. • All security incidents should be fixed within 24 hours' time. | • Inform the impacted users upon data loss or data leakage. • All security incidents should be fixed within 2 hours' time. |

Protecting Private Data

In order to fully protect the users' private data:

• Identify all the private data of users. This includes PII (personally identifiable information), user preferences, and such.
• Define policies for storing, distributing, access monitoring, and destroying private data.
• Get approval from users when sharing private data with external or third-party services.

Building Digital Experience Platforms - Page 222