Would like to brainstorm: what controls/measures do organizations out there put in place
when transferring/processing data (within the same company) but across countries (which have
different laws & regulations)?
So far, thought of the following: please add on or comment. Certainly remove if there are
- Endpoint Encryption (if data flows to endpoint): what about data at rest?
- USB lockdown
- Web Scanning
- Email screening
Servers / DB
- Database Activity Monitoring? Is the built-in DB audit trail sufficient, or are
DB activity monitoring tools like Imperva needed?
- Data masking of card# (for PCI-DSS)
- Need DB encryption?
- Encryption of files (what are the standards?)
- VPN / secure file transfers (is SSL/TLS v1.2 enough)?
- Is there a need to sign an NDA (for intra-company, or does this apply only to inter-company)?
Is this treated as 'Outsourcing' if it's intra-company?