4. Control and protection of information carriers

[rakhirhif8963]

3. Classification, labeling and handling of assets
Information assets must be classified appropriately to ensure their secure use. If organizations do not define classification levels, they will lack appropriate security controls over sensitive assets.

Classifying assets along with defining the appropriate security requirements helps reduce the likelihood that sensitive information will fall into the wrong hands. Information assets should be classified based on business value, legal requirements, sensitivity, and criticality to the organization. A classification scheme should be developed that differentiates the sensitivity and value of information assets or groups of assets.

To protect organizations from risks associated with the loss of confidentiality, integrity or availability of information carriers, it is necessary to implement means of control over work with information carriers. Access to them and their use should be limited to authorized personnel only. Control over the management of removable indonesia mobile database should be provided, including on laptops. It should include restrictions on the types of media that are allowed/not allowed to be used, as well as requirements for their acceptable use.

Media containing confidential or sensitive information must be securely stored and encrypted in accordance with internal security controls and regulatory requirements until they are destroyed or data is erased from them. Media must be physically controlled and securely stored in areas controlled by the organization.

5. Safe disposal and reuse of assets
Organizations must ensure that the process of disposal or reuse of equipment is strictly controlled. Improper disposal or reuse of any information system, system component, or data storage device can potentially affect the confidentiality of data by inadvertently making it available to an outside audience. This can easily lead to a security incident or data breach that should be reported.