Information ClassificationA product development team that handles trade secrets develops a classification scheme for information and applies it to all documentation and communications.
Information Security Awareness TrainingAn organization requires all employees to take information security awareness training that examines memorable test cases whereby social processes allowed information to be disclosed that enabled security attacks.
EncryptionEncrypting all data in storage and transit on all devices.
Conversation PoliciesPolicies that prevent employees from discussing confidential business outside of secured locations.
Secure LocationsMergers & acquisition talks that take place at a private location provided by advising banks. Talks may be confined to a single room with a focus on using paper documents that can't be removed from the room.
Data RelationshipsA customer is cautious about giving out their mobile phone number because they are aware that this can be used as a key to pull up data about them.
LegalA bank considers privacy policies and information security capabilities in the selection of technologies and services.
ReputationA customer considers the reputation of a telecom provider in protecting customer privacy.
Clean DeskAn organization requires employees to keep desks free of paper and lock up devices when they aren't attended.
ToolsA small business runs untrusted programs and web browsers in a sandbox tool that confines information security attacks to a virtual environment.
Social MediaA bank advises customers to avoid disclosing information in social media that is commonly used in security checks to confirm identify.
CommunicationsA bank advises customers to contact them immediately if they do not receive bank statements in the mail.
Web ForgeryAn insurance company asks clients to report websites that use similar web addresses and visual symbols of the company such as logos.
Internet of ThingsA business avoids purchasing non-essential internet connected devices that contain sensors that may compromise security.
DevicesA confidential meeting conducted by a standards organization asks that participants leave devices that are internet connected such as watches outside the room.
Incident ReportingA sales team is trained to immediately report potential security breaches such as loss of a mobile device or accidental click on a suspicious email link.
RegulationsA government establishes laws and regulations that prevent telecom companies from selling data about customers such as monitored communications, location and sensor data.
|Overview: Operations Security
Tools, procedures, regulations and awareness geared towards protecting information in day-to-day activities.