Cybersecurityrefers to preventative methods used to protect information and information systems from unauthorized access, compromise or attack. Cybersecurity requires an understanding of potential threats and utilizes strategies that include, for example, identity management, risk management and incident management.
Safeguards- Includes the policies, procedures, requirements, and practices that are necessary for maintaining asecure environmentfor the storage and dissemination of information.
Classification- Becausedata must be protected from unauthorized use, access, disclosure, modification, loss or deletion, each USG institution must classify each record. Whenclassifying a collection of data,the most restrictive classification of any of the individual elements should be used based on aclassification structurerequired by regulations governing specific data domains as well as USG and AU policies.
Access Procedures- Processes to ensuresecure and appropriateaccess to data and information systems, and to the data used, processed, stored, maintained and/or transmitted in and through those systems is essential to protect the institution against cybersecurity threats and dangers.
Segregation & Separation of Duties- In addition to having a well-organized and defined data governance structure, USG organizations must ensure that its organizational structure, job duties, and business processes include anadequate system of separation of duties (SOD)taking into account a cost-benefit and risk analysis.