II.C.13 Control of Information
Management should control and protect access to and transmission of information to avoid loss or damage and do the following:
- Establish and supervise compliance with policies for storing and handling information, including storing data on mobile devices and cloud services.
- Define and implement appropriate controls over the electronic transmission of information.
- Facilitate safe and secure disposal of sensitive information.
- Secure physical media in transit.
II.C.12 Malware Mitigation