Secure Controls Framework Launches Security and Privacy by Design Principles

Share Article

The Secure Controls Framework (SCF), a free resource for businesses, adds onto its existing cybersecurity and privacy controls with principles to guide security and privacy by design.

Secure Control Framework free security and privacy controls

Secure Control Framework's Security & Privacy by Design Principles

The concept of building security and privacy into technology solutions both by default and by design is a basic expectation for businesses, regardless of the industry. The S|P is a free set of security and privacy principles that leverage the SCF's extensive cybersecurity and privacy control set.

The concept of building security and privacy into technology solutions both by default and by design is a basic expectation for businesses, regardless of the industry. The S|P is a free set of security and privacy principles that leverage the SCF's extensive cybersecurity and privacy control set.

The “S pipe P” logo is a nod to the computing definition of the | or “pipe” symbol (e.g., shift+backslash), which is an inter-process communication mechanism that allows the output of one process to be used as input to another process. In this way, a series of commands can be "piped" together to more quickly and easily perform complex multi-stage processing. Essentially, the concept is that security principles are being “piped” with privacy principles to create secure processes in an efficient manner.

The thirty-two S|P principles cover each of the domains from the SCF:
1. Security & Privacy Governance
2. Asset Management
3. Business Continuity & Disaster Recovery
4. Capacity & Performance Planning
5. Change Management
6. Cloud Security
7. Compliance
8. Configuration Management
9. Continuous Monitoring
10. Cryptographic Protections
11. Data Classification & Handling
12. Embedded Technology
13. Endpoint Security
14. Human Resources Security
15. Identification & Authentication
16. Incident Response
17. Information Assurance
18. Maintenance
19. Mobile Device Management
20. Network Security
21. Physical & Environmental Security
22. Privacy
23. Project & Resource Management
24. Risk Management
25. Secure Engineering & Architecture
26. Security Operations
27. Security Awareness & Training
28. Technology Development & Acquisition
29. Third-Party Management
30. Threat Management
31. Vulnerability & Patch Management
32. Web Security

For more information on the SCF or the S|P, please visit http://scf.securecontrolsframework.com/scf-security-privacy-by-design-principles.pdf

About The Secure Controls Framework (SCF)
The SCF is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on Governance, Risk and Compliance (GRC) and the cybersecurity side of privacy. These are auditors, engineers, architects, incident responders, consultants and other specialists who live and breathe these topics on a daily basis. The SCF has the ambitious goal of providing cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin. The end state is to help companies become and stay compliant with cybersecurity and privacy requirements.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Tom Cornelius
@scf_support
Follow >
ComplianceForge

Visit website