https://wiki.owasp.org/index.php?action=history&feed=atom&title=Data_SecurityData Security - Revision history2026-05-03T05:40:00ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Data_Security&diff=195211&oldid=prevMelDrews: /* Further References */2015-05-24T20:21:52Z<p><span dir="auto"><span class="autocomment">Further References</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:21, 24 May 2015</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l19" >Line 19:</td>
<td colspan="2" class="diff-lineno">Line 19:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Further References==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==Further References==</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>#''Framework for Improving Critical Infrastructure Cybersecurity''. U.S. National Institute of Standards and Technology. (2014). Retrieved from http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf on <del class="diffchange diffchange-inline">25 </del>May 2015.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>#''Framework for Improving Critical Infrastructure Cybersecurity''. U.S. National Institute of Standards and Technology. (2014). Retrieved from http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf on <ins class="diffchange diffchange-inline">24 </ins>May 2015.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>#Joint Task Force Transformation Initiative. ''Security and Privacy Controls for Federal Information Systems and Organizations''. Special Publication 800-53 revision 4. U.S. National Institute of Standards and Technology. (2013) http://dx.doi.org/10.6028/NIST.SP.800-53r4</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>#Joint Task Force Transformation Initiative. ''Security and Privacy Controls for Federal Information Systems and Organizations''. Special Publication 800-53 revision 4. U.S. National Institute of Standards and Technology. (2013) http://dx.doi.org/10.6028/NIST.SP.800-53r4</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>#ISO/IEC 27001:2013. Wikipedia. Retrieved from http://en.wikipedia.org/wiki/ISO/IEC_27001:2013 on <del class="diffchange diffchange-inline">25 </del>May 2015.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>#ISO/IEC 27001:2013. Wikipedia. Retrieved from http://en.wikipedia.org/wiki/ISO/IEC_27001:2013 on <ins class="diffchange diffchange-inline">24 </ins>May 2015.</div></td></tr>
</table>MelDrewshttps://wiki.owasp.org/index.php?title=Data_Security&diff=195210&oldid=prevMelDrews: Initial page creation with control description2015-05-24T20:04:31Z<p>Initial page creation with control description</p>
<p><b>New page</b></p><div>This article addresses data security controls implemented in software features or development processes. Data Security is the name given to a group of controls within the U.S. National Institute of Standards and Technology (NIST) ''Framework for Improving Critical Infrastructure Cybersecurity'' (the Cybersecurity Framework). Subcategories within this category include:<br />
*Data at rest is protected<br />
*Data in transit is protected<br />
*Protections against data leaks are implemented<br />
<br />
Other administrative, operational and architectural controls are included as well, but the above list specifies measures that would be directly reflected in the coding of software features.<br />
<br />
NIST Special Publication 800-53 lists additional related controls within the System and Communications Protection family, which comprises 41 controls in total. Depending on the relevance in a given project, there are at least six of these that could be implemented directly as software features and map back to the Data Security category in the Cybersecurity Framework, including:<br />
*Information in shared resources<br />
*Denial of service protection<br />
*Transmission confidentiality and integrity<br />
*Cryptographic protection<br />
*Transmission of security attributes<br />
*Protection of information at rest<br />
<br />
These controls are implemented through means such as the proper use of cryptography, [[Web_Services_Architecture_and_Security|software security architecture]], [[Error_Handling,_Auditing_and_Logging#Error_Handling|error handling]], and processing labels applied to data.<br />
<br />
ISO 27001:2013 includes controls related to data security within the System acquisition, development and maintenance group.<br />
<br />
==Further References==<br />
#''Framework for Improving Critical Infrastructure Cybersecurity''. U.S. National Institute of Standards and Technology. (2014). Retrieved from http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf on 25 May 2015.<br />
#Joint Task Force Transformation Initiative. ''Security and Privacy Controls for Federal Information Systems and Organizations''. Special Publication 800-53 revision 4. U.S. National Institute of Standards and Technology. (2013) http://dx.doi.org/10.6028/NIST.SP.800-53r4<br />
#ISO/IEC 27001:2013. Wikipedia. Retrieved from http://en.wikipedia.org/wiki/ISO/IEC_27001:2013 on 25 May 2015.</div>MelDrews