What is information security about? Many think about firewalls and fighting hackers and malware. Snowden is a good example for another class of information security threats. He represents the risk that an employee gets data – by mistake or on purpose – out of an organization using normal access rights, thereby harming a company’s position on the market or violating compliance needs.
The article Data-Privacy Assessments for Application Landscapes: A Methodolog addresses how to test whether an application exposes sensitive data. So the focus is on identifying potential leaks which might be exploited later on.
The article Testdaten als Risikofaktor (in German) explains the for losing sensitive data (or violating regulatory needs) in development and test environments .
In Data-Loss-Prevention-Tools minimieren Sicherheitslücken in Testumgebungen (in German), we discuss how data loss prevention tools can help managing compliance and data loss related risks of test environments.