ISO/IEC 27001 Control 8.12: Data leakage prevention
Control
Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information.
Necessity of MidPoint
MidPoint's contribution to implementation of this control is marginal.
Implementation of the control is mostly outside the scope of identity governance and administration (IGA), therefore midPoint cannot provide significant advantage. However, midPoint can still provide minor supporting information and functionality.
Implementation Overview
MidPoint can provide supporting information for data leakage prevention.
Implementation Details
Application inventory and information classification can provide information about the data that needs to be monitored for data leakage. Projection links can be used to track systems where person data were copied, which may help in selecting systems for data leakage monitoring.
Rationale
Data leakage prevention is almost completely out of scope of identity management. MidPoint can only provide supplementary information.