Data
| Field |
Value |
| Symbol |
Da |
| Class |
Asset |
| Definition |
Information that has business, legal, operational, personal, or security value. |
Why it matters
Data is the object most security programs ultimately protect. It may include customer data, employee data, intellectual property, credentials, logs, telemetry, regulated records, and business information.
- Data theft
- Unauthorized access
- Accidental disclosure
- Ransomware
- Poor classification
- Excess access
- Weak retention process
- Missing encryption
- Unmonitored sharing
Common safeguards
- Classification
- Encryption
- Access control
- Data loss prevention
- Retention policy
- Backup
Assurance evidence
- Data inventory
- Encryption settings
- Access review report
- Sharing report
- Retention configuration
Framework crosswalk
| Framework |
Mapping idea |
| NIST CSF |
Data security and protective technology outcomes |
| ISO 27001 |
Information classification, handling, and protection controls |
| SOC 2 |
Confidentiality, privacy, and security criteria evidence |