...
- personnel - trained in data security; signed AUP or Statement of Confidentiality concerning personal data
- access management - a strong password or two-factor authentication is used for authorization; access to data and modifications of data are logged
- access protection - firewall or ACL protection
- stored data protection - pseudonymisation; anonymisation; database encryption; hard disk and removable media encryption; other forms of data encryption
- data transfer protection - data in transit is protected with current, secure versions of encryption methods such as TLS, VPN, WPA2 or SSH
- vulnerability management - software is patched in a timely manner; regular vulnerability scanning or penetration testing of applications or systems
- malware protection - endpoint malware protection; email malware protection; education of personnel
- data leak protection - IDS; continuous monitoring; removable media policy
- regular backups - stored in a safe place; encrypted; restores are regularly tested
- incident management - incident response; timely reporting of all incidents to the data controller
- (D)DoS protection - at the network, system or application level
...