APO03.02 Define Reference Architecture

Establish an enterprise-wide data classification scheme on both business criticality and sensitivity requirements. Use this scheme as the basis for applying data-specific controls, such as encryption, access control, archive, and high availability.

Illustrative Controls and the TIBCO LogLogic Solution

An appropriate data classification scheme serves as the basis for applying, monitoring, and managing data-related IT security controls. The classification scheme provides the means for controlling data access, ensuring the availability of critical data, and maintaining an audit trail for sensitive or critical data access.

To satisfy this objective, the organization must architect a classification scheme that accounts for all enterprise data. The scheme must take into account characteristics and issues such as sensitivity, criticality, encryption, and availability requirements. Implementing data access logging and monitoring helps ensure that the scheme is being applied in a suitable fashion and that data is being accessed by appropriate parties.

Reports and Filter Bloks

Use the following link or reference to see the control objective APO03.02 reports and filter bloks: TIBCO LogLogic Reports and Filter Bloks for Sarbanes-Oxley and COBIT 2019.