The Center for Internet Security Controls, or CIS Controls, have become an industry standard for helping businesses and organizations of all sizes maintain cybersecurity controls.

Safeguard 3.12 requires you to segment data processing and storage based on the sensitivity of the data.

Here, data security calls for sensitive data to be retained and accessed only on the enterprise assets intended for that level of data.

Let's try to put it in other terms. The US Government uses what is known as a SCIF (Sensitive Compartmented Information Facility), a secure room that guards against electronic surveillance and suppresses data leakage of sensitive military and security information. In order to access the room, a person has to leave behind anything that could capture or remove data from the room, maintaining data security at the highest level.

Now, you don't need to establish a SCIF to maintain data security, but I have seen and implemented for many organizations an air-gapped computer, which is the establishment of a computer and sensitive data off of the primary computer network and without internet connectivity.

You don't have to go to an air-gapped network, or even to the degree that Kentucky Fried Chicken goes to maintain Colonel Harland Sanders' handwritten recipe, but if you are looking to meet compliance with Implementation Group 2, you will be required at a minimum to create some segmentation of sensitive data. By simply establishing virtual networking, or VLANs, and segmenting your sensitive data groups and systems, you can meet this while maintaining your primary network for Facebook videos and reading my latest LinkedIn posts - or actual work.
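One way to check that the segmentation actually holds, as an added example that is not part of the original post: the script below compares an asset inventory and a data map against the VLAN subnet reserved for each sensitivity tier. The tier names, subnets, asset names and data sets are all constructed for illustration.

```python
import ipaddress

# Constructed sensitivity tiers and the VLAN subnet reserved for each (assumed values).
TIERS = {"public": 0, "internal": 1, "sensitive": 2}
SEGMENTS = {
    "public": ipaddress.ip_network("10.10.0.0/24"),
    "internal": ipaddress.ip_network("10.20.0.0/24"),
    "sensitive": ipaddress.ip_network("10.30.0.0/24"),
}

# Constructed inventory: asset -> (IP address, tier the asset is intended for).
ASSETS = {
    "fin-db01": ("10.30.0.15", "sensitive"),
    "hr-share": ("10.20.0.40", "sensitive"),   # labelled sensitive, but sits in the internal VLAN
    "kiosk-07": ("10.10.0.77", "public"),
    "ws-114": ("10.20.0.114", "internal"),
}

# Constructed data map: (data set, classification, asset where it is stored or processed).
DATA = [
    ("payroll", "sensitive", "fin-db01"),
    ("employee-reviews", "sensitive", "hr-share"),
    ("customer-export.csv", "sensitive", "ws-114"),
    ("lobby-menu", "public", "kiosk-07"),
    ("old-backup", "internal", "nas-02"),       # asset missing from the inventory
]


def audit(assets, data, segments=SEGMENTS, tiers=TIERS):
    """Return sorted (subject, finding) pairs for segmentation gaps."""
    findings = set()
    # An asset must live inside the subnet reserved for its intended tier.
    for name, (ip, tier) in assets.items():
        if ipaddress.ip_address(ip) not in segments[tier]:
            findings.add((name, f"asset outside its {tier} segment"))
    # Data may only sit on an inventoried asset intended for that tier or higher.
    for dataset, classification, host in data:
        if host not in assets:
            findings.add((dataset, f"stored on uninventoried asset {host}"))
        elif tiers[classification] > tiers[assets[host][1]]:
            findings.add((dataset, f"{classification} data on {assets[host][1]} asset {host}"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(ASSETS, DATA):
        print(f"{subject}: {finding}")
```

Run against a real inventory export, each finding is either a system to move into the right VLAN or a data set to relocate.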

Ohhh, and please stop emailing sensitive data. A simple typo can release the data. Just look at the latest DOD breach, where employees were emailing the .ml domain versus the .mil domain. Yes, it happened - https://lnkd.in/efmsFQ2a


Contact Info

717.884.9030

Scott@ScottRDavis.com