Personnel must have security guidelines that deal with e.g. the following topics:
Privileged utility programs are applications that require system or administrative privilege to do their jobs. Different kinds of utilities can include system utilities (e.g. malware protection), storage utilities (e.g. backup), file management utilities (e.g. encryption) or others (e.g. patching).
If use of privileged utility programs is permitted, the organisation should identify all privileged utility programs, also ones that are used in its cloud computing environment.
Organisation should ensure utility programs don’t interfere with controls of data systems hosted in any way (on-premises or cloud).
A large amount of valuable information in an organization has often accumulated over time into hard-to-find and manageable unstructured data — excels, text documents, intranet pages, or emails.
Once this information has been identified, a determined effort can be made to minimize its amount.Important data outside data systems is subject to one of the following decisions: