Week 3 - Tutorial
1. Personal data identification, categorization, and classification
5. Organization and responsibilities in data protection
RMIT Classification: Trusted
Based on these requirements, mandatory cybersecurity controls can be set up in all of the levels of the governance control blocks. This makes it easier
to plan the involvement of different profiles in the compliance project. How do these GDPR requirements affect each governance and management
block? The first row has been done as an example for you.
| Block | Task | Responsibility |
|---|---|---|
| Cybersecurity strategy | Review security strategy to include privacy requirements; suppliers, outsourcing, data transmission; define risk appetite for data privacy | Board of Directors, Senior Management |
1. Not all systems are inventoried or classified
3. Encryption is not used. Data flows are not classified
4. There is no automated data leak protection
6. There are no planned tests of large-scale cyber attacks
For each of the findings, work in groups to make recommendations and note their impact on the blocks in the three-level control model by filling in the reactive
approaches in the three-level control model worksheet provided below.
| Identify | Asset management | ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, | 1. Not all systems are inventoried or classified | e.g., Define a classification and asset inventory. Include data flows | Asset Management |