Golden Rule
If its private but not illegal, ignore it If it is illegal, report it If it is illegal and you are working on it, quarantine the system and then document everything you do going forwards.
Classification Scheme
Labels certain company data as internal use only, confidential, top secret, etc. These labels identify:
- Authorization
- Data retention period
Regulated Data
A company must highly regulate and secure:
- Credit card transactions
- Personally Identifiable Information
- Protected Healthcare Information
Software Licenses
Documents on the distribution of software. Can be closed or open source licenses. Some licenses permit software use if they are expired, but prevent further updates and security patches.
- Personal Use License
- Corporate Use License In the end you must sign a EULA