What is the correct terminology for the overall management of sensitive data?
I am trying to research best practices in this area – but I am not exactly sure what the exact standard term will be so it’s hard to track down. Let me give you an example which may inspire you to the correct terminology.
We have say 5 highly sensitive databases MS-SQL, they have been secured in line with MS security best practice guidance. As has the host operating system (windows 2003 server).
But, then you find admin’s have taken clones or extracts of the database and housed them on other servers. Or during backup testing they have saved a backup of all the data in the database on another less secure server. These kind of issues are common place.
There must be some sort of title on how to best govern and protect against this kind of activity?
Can you name the exact principle/standard for this?