assessment

Evaluating Data Access Readiness

Check out the full Privacy Engineering Certification

For more on this topic, take the Course: Security & Privacy

2 min read

Share this doc:

Protecting data privacy is complex; no single model or method is likely to account for every privacy risk. It's important to evaluate your organization's unique situation and prepare for the specific challenges and threats your team faces.

Use this assessment to evaluate your organization's data access practices and make a plan for actionable improvement. Read the following goals and select each statement that describes the data access strategy you implement at your organization.

Total points

(1 point per check)

Goals

You use role-based access controls (RBAC) with roles mapped to data classification levels.
1. Role-based access controls are in place at our organization.
3. We map access levels to data classification levels.
You ensure critical access keys are never discoverable in code or stored on hard drives.
1. Critical access keys are not present in our code, stored on hard drives, or present on code repositories like GitHub and GitLab.
You map decryption keys for less sensitive data to data stores so you can add or remove privileges at scale.
1. We map decryption keys to data stores.
You use access controls beyond the traditional username/password combination, like multifactor authentication (MFA).
1. We configure advanced access controls like multifactor authentication (MFA).
You require password protection for accounts and links and encryption for the most sensitive data while in transit.
1. Password protection is required for the most sensitive data.
3. Encryption is required for the most sensitive data.
You require client-side encryption for any sensitive data stored in the public cloud.
1. We encrypt all sensitive data stored in the public cloud on the client side.

Scoring

0-3 You've got work to do.

Data access levels need to be proactively planned, monitored, and enforced.

Engage with cross-functional stakeholders to review this assessment and determine next steps. Without improving your data access practices, you leave your team and your users vulnerable to exploitation.

4-6 You're on the way

You have taken some important first steps toward implementing a comprehensive data access level plan.

Meet with your cross-functional team and ask: What are we missing? Which internal, and/or external stakeholders do we need to consult to improve our data access strategy? What are the largest vulnerabilities you need to address, and in what order should you address them?

7-8 You're in a good position

You and your organization have built a solid foundation toward understanding the state of your data access strategy.

Meet with your cross-functional team to evaluate any readiness points you didn't achieve. Are you in the best position to operationalize your data access deployment?

For more on this topic, take the Course:

1 Course

Security & Privacy

In this course, you will learn how to build a framework that reduces the attack surface for sensitive data and how to implement tools for the management of access control and monitoring, such as Access Control Lists (ACLs) and encryption keys.

Get Started