Skip to content

Defining your Assets

links: WS TOC - Crypto Failures - Index

What needs special protection?

Assets which need to be protected include:

  • Passwords
  • Credit Card Numbers (see PCI Data Security Standard (PCI DSS))
  • Private keys (at least lock with password)
  • Sensitive data as specified in regulatory frameworks:
    • General Protection Regulation: GDPR (EU)
    • Federal Act on Data Protection: FADP (CH)
      • Any personal data (data that can be linked to a person), must be protected
      • Goal of keeping this data must be approved
      • Organisation holding such data must declare the data and used techniques to store them to the data commissioner.

What techniques can be used to protect data is described in Recommendations to prevent Crypto Failures.

links: WS TOC - Crypto Failures - Index