Mark Barlow edited this page Mar 22, 2016 · 10 revisions

7. Evaluate what user data and information the digital service will be providing or storing, and address the security level, legal responsibilities, privacy issues and risks associated with the service (consulting with experts where appropriate).

Link to corresponding item in JIRA: https://jira.informed.com:8443/browse/FCOLOI-160

Questions

  • Describe your team's approach to security and risk management.
  • Describe the threats to your service.
  • What fraud vectors exist and what controls are you putting in place?
  • Describe your interactions with the business and information risk teams, e.g. SIRO (Senior Information Risk Owner), IAO (Information Asset Owner), Data Guardians.
  • Describe any outstanding legal concerns, e.g. data protection or data sharing.
  • Describe your cookie and privacy policy and how you arrived at it.

Evidence

Service Manager able to:

  • describe their team’s approach to security and risk management.
  • describe the threats to their service.
  • explain what fraud vectors exist and what controls they are putting in place.
  • describe their interactions with the business and information risk teams, e.g. SIRO (Senior Information Risk Owner), IAO (Information Asset Owner), Data Guardians.
  • describe any outstanding legal concerns, e.g. data protection or data sharing.
  • present their cookie and privacy policy and explain how they arrived at it.

Original alpha answers below

Questions

  • Describe the perceived threats to your service and how you are designing the prototype to mitigate them.
  • What fraud vectors exist and what controls are you prototyping?
  • For security reasons, information about the security threats, vulnerabilities and vectors that are likely to affect the Legalisation Digital service, and the controls that will be implemented to mitigate these, has not been made available on this Wiki.

  • This information will be presented during the Beta review.

Evidence

Service Manager able to:

  • describe the perceived threats to the service and explain how they are designing the prototype to mitigate them.
  • explain what fraud vectors exist and what controls they are prototyping.
