Page 181 - Big data - Concept and application for telecommunications
5) Migration: Data migration is the process of transferring data between storage types, formats, or
computer systems. It is a key consideration for any system implementation, upgrade, or
consolidation. Data migration occurs for a variety of reasons, including: server or storage equipment
replacements or upgrades; website consolidation; server maintenance; and data centre relocation.
6) Destruction: Data is permanently destroyed using physical or digital means (e.g., crypto shredding).
7) Backup and restoration: Users can create data backups and restore data from backups.
7 Guidelines for security controls related to data security
This clause provides guidelines for security controls related to the stages of the data security lifecycle
described in clause 6.4.
7.1 Security controls in create stage
Guidelines for security controls in the create stage include the following:
a) CSPs should define categories of data sensitivity. User tagging of data may be leveraged to help
classify the data.
b) Data should be classified according to its sensitivity when it is created.
c) CSPs should consider enterprise digital rights mechanisms or encryption to protect sensitive data
from unauthorized access.
7.2 Security controls in transmit stage
Guidelines for security controls in the transmit stage include the following:
a) CSPs should apply technological methods to ensure the security of the authentication data.
b) CSPs should support users in the maintenance of secure transmission of critical operation data and
management data.
c) Damage to data integrity should be detected promptly during transmission and necessary measures
taken to restore data integrity after errors are detected.
7.3 Security controls in storage stage
Guidelines for security controls in the storage stage include the following:
a) CSPs should identify access controls available to the CSC to use with users' data from storage
repositories, such as those defined in [ITU-T X.1631].
b) CSPs should apply encryption technology or other safeguards to ensure the storage confidentiality
of authentication data.
c) CSPs should support users in the maintenance of confidential storage of critical operation data and
management data.
d) CSPs should provide effective hard disk protection methods or adopt fragmented storage
mechanisms to prevent unauthorized users from obtaining valid user data from the hard disk, even if it is
stolen.
e) Damage to storage data integrity should be detected promptly and necessary measures taken to
restore data integrity after errors are detected.
f) A user's optional configuration of encryption parameters, such as algorithms, strength and schemas,
should be supported.
g) CSPs should support users in the selection of a third-party encryption mechanism to encrypt the key
data.
h) CSPs should support data encryption using secure keys and support storage and maintenance of the
secure keys locally.
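Items e) and h) of clause 7.3, as an added example that is not part of the Recommendation: a Python sketch that detects damaged storage blocks with per-block HMAC-SHA256 tags and restores them from a second copy. The 4096-byte block size, the function names and the existence of a replica are assumptions; the key and the tags are assumed to be kept apart from the stored data.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed block size; not specified by the text


def _tag(key: bytes, index: int, block: bytes) -> bytes:
    # Bind the block index into the tag so blocks cannot be reordered unnoticed.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def tag_blocks(data: bytes, key: bytes) -> list:
    """Compute one tag per block when the object is written."""
    return [_tag(key, n, data[i:i + BLOCK_SIZE])
            for n, i in enumerate(range(0, len(data), BLOCK_SIZE))]


def find_damaged(data: bytes, tags: list, key: bytes) -> list:
    """Return the indexes of blocks whose stored tag no longer verifies."""
    current = tag_blocks(data, key)
    if len(current) != len(tags):
        raise ValueError("block count changed: object truncated or extended")
    return [n for n, (now, stored) in enumerate(zip(current, tags))
            if not hmac.compare_digest(now, stored)]


def restore(data: bytes, replica: bytes, tags: list, key: bytes) -> bytes:
    """Repair damaged blocks from a replica, accepting only blocks that verify."""
    repaired = bytearray(data)
    for n in find_damaged(data, tags, key):
        start = n * BLOCK_SIZE
        candidate = replica[start:start + BLOCK_SIZE]
        if not hmac.compare_digest(_tag(key, n, candidate), tags[n]):
            raise ValueError(f"block {n} is damaged in both copies")
        repaired[start:start + BLOCK_SIZE] = candidate
    return bytes(repaired)


if __name__ == "__main__":
    key = bytes(range(32))                           # constructed key; held locally in practice
    original = bytes(i % 251 for i in range(10000))  # constructed sample object
    tags = tag_blocks(original, key)
    stored = bytearray(original)
    stored[5000] ^= 0xFF                             # simulate damage in block 1
    print(find_damaged(bytes(stored), tags, key))
    print(restore(bytes(stored), original, tags, key) == original)
```

A keyed tag rather than a plain hash means that someone who can modify the stored blocks cannot also recompute matching tags without the locally held key.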