← Patterns / SP-013

Data Security Pattern

Data security pattern to define security controls required to secure data or information processed by business services

Release: 08.02 Authors: Russell Updated: 2025-07-05

Your browser does not support SVG. Download the diagram.

Click on controls in the diagram to view details. Download SVG

When to Use

Organizations who process Personally Identifiable Information (PII), are in regulated sectors (Health, Finance, Government etc) or process commercially sensitive information.

When NOT to Use

Publically available information, freely available from many sources.

Typical Challenges

Management appetite. Selling in the organisation. Keeping it simple, and cutting through the complexity of environment. Building the right awareness and training campaign. Looking forward, the challenges to maintain data security are likely to get harder. The pace of technological change is quickening. The level and sophistication of external threats, such as e-crime, is increasing. Improving services will mean greater use of data within organisations and more data sharing.

Threat Resistance

To be determined.

Assumptions

None.

Mapped Controls (33)

AC: 8AT: 2CA: 1CP: 1IA: 1MP: 5PE: 2PL: 1RA: 4SC: 5SI: 3