Sensitive Data Analysis in a Fictional Organization

🕵️‍♀️🏢 Sensitive Data Analysis in a Fictional Organization

⚠️ Disclaimer: This project is currently in beta. The instructor reserves the right to modify any of its goals or deliverables at their discretion.

Objective 🎯

In this project, you will conduct a sensitive data analysis for a fictional organization, "TechCorp Inc." Your goal is to identify and classify types of sensitive data within the organization and map out data flows and risk points.

Background 📚

TechCorp Inc. is a mid-sized software development company with 200 employees. They develop custom software solutions for various industries, including finance, healthcare, and e-commerce.

Carefully examine the following document TechCorp Inc. Company Overview. This document contains detailed information about the company's:

• Organizational structure 🏗️
• Department functions and responsibilities 👥
• Key business processes 🔄
• IT infrastructure 💻
• Client base and partnerships 🤝
• Internal policies and procedures 📋

Please review this document thoroughly before proceeding with the project tasks.

Project Tasks 📝

1. Identify and Classify Sensitive Data 🔍

a) Using the information provided in the "TechCorp Inc. Company Overview" PDF, review the following departments and identify potential sensitive data:

• Human Resources 👨‍👩‍👧‍👦
• Finance 💰
• Research and Development 🧪
• Customer Support 🎧
• Sales and Marketing 📈

b) For each department, create a list of at least 5 types of sensitive data they might handle, based on the specific information provided in the PDF. Examples might include:

• Personal Identifiable Information (PII) 🆔
• Financial data 💳
• Intellectual Property 💡
• Health Information 🏥
• Customer data 👥

c) Classify each type of data according to its sensitivity level:

• High: Extremely sensitive, requires utmost protection 🔴
• Medium: Sensitive, requires significant protection 🟠
• Low: Less sensitive, but still requires some protection 🟢

Use the company policies and industry standards mentioned in the PDF to guide your classification.

2. Map Data Flows and Risk Points 🗺️

a) Create a diagram showing how data flows between departments. Use the information about business processes and IT infrastructure provided in the PDF. Consider:

• Internal communication channels (email, chat, shared drives) 📧💬📁
• External communication (client interactions, vendor communications) 🌐
• Data storage locations (on-premises servers, cloud storage) 💾☁️

b) Identify at least 3 potential risk points in the data flow where sensitive data could be exposed or leaked. Reference specific scenarios or processes mentioned in the PDF. ⚠️

c) For each risk point, suggest a basic DLP control that could be implemented to mitigate the risk, taking into account TechCorp's existing security measures described in the PDF. 🛡️

3. Report Your Findings 📊

Prepare a brief report (1-2 pages) summarizing your analysis. Include:

• List of sensitive data types by department 📋
• Data classification results 🏷️
• Data flow diagram 🔀
• Identified risk points and suggested DLP controls 🚨

Deliverables 📦

1. Sensitive Data Inventory (spreadsheet or table) 📑
2. Data Flow Diagram (can be hand-drawn or created using a digital tool) 🖼️
3. Analysis Report (1-2 pages) 📄

Tips 💡

• Think about the types of data each department typically handles in a real-world scenario.
• Consider both digital and physical forms of data.
• Remember that data can be sensitive due to legal requirements, business value, or personal privacy concerns.

Conclusion 🏁

This project will help you understand the process of identifying sensitive data within an organization and recognizing potential risk points. These skills are crucial for implementing effective DLP strategies in real-world scenarios.

Additional Resources 📚

• TechCorp Inc. Company Overview PDF