data-protection
Enforces data protection at every stage of its lifecycle for Black Trigram — classification, HTTPS/TLS 1.2+, CSP, SRI, minimal retention, aligned with Hack23 Data Classification Policy and GDPR Articles 5, 25, 32
| name | data-protection |
| description | Enforces data protection at every stage of its lifecycle for Black Trigram — classification, HTTPS/TLS 1.2+, CSP, SRI, minimal retention, aligned with Hack23 Data Classification Policy and GDPR Articles 5, 25, 32 |
| license | MIT |
Strategic Principle: Protect data at every stage of its lifecycle - in transit, at rest, and in use.
Enforce data protection standards for Black Trigram, ensuring all data handling follows encryption, classification, and protection requirements aligned with Hack23 ISMS and EU regulations.
Reference: Hack23 ISMS Data Classification Policy | Hack23 ISMS Cryptography Policy
```
IF (handling any data in the application)
THEN (classify as: Public, Internal, Confidential, or Restricted)
ELSE (unclassified data gets inadequate protection)

IF (data transmitted over network: API calls, asset loading)
THEN (use HTTPS/TLS 1.2+ exclusively, no HTTP fallback)
ELSE (data interception vulnerability)

IF (sensitive data stored: localStorage, IndexedDB, files)
THEN (encrypt with AES-256 or use Web Crypto API)
ELSE (stored data accessible to any script on the domain)

IF (storing user data beyond session)
THEN (define retention period, implement automatic cleanup)
ELSE (indefinite data retention violates GDPR Art. 5(1)(e))
```
| Classification | Examples | Protection Required |
|---|---|---|
| 🟢 Public | Game assets, open source code | Integrity verification |
| 🟡 Internal | Game configuration, build artifacts | Access control |
| 🟠 Confidential | API keys, deployment secrets | Encryption + access control |
| 🔴 Restricted | User credentials (if any), PII | Encryption + audit + access control |
```typescript
// ✅ GOOD: Minimal, classified data storage
interface GameSettings {
  readonly volume: number;         // Public - user preference
  readonly language: 'ko' | 'en';  // Public - user preference
  readonly difficulty: string;     // Public - game setting
}

// Store only what's needed
function saveSettings(settings: GameSettings): void {
  localStorage.setItem('bt_settings', JSON.stringify(settings));
}

// ❌ BAD: Storing sensitive data without protection
localStorage.setItem('auth_token', token);
```
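The retention rule above (define a retention period, implement automatic cleanup) applied to the `bt_settings` entry, as an added example that is not Black Trigram's own code. The 90-day `RETENTION_MS`, the `KeyValueStore` interface, and the `isGameSettings`, `loadSettings` and `memoryStore` helpers are assumptions made for illustration.

```typescript
// Added example, not Black Trigram's own code. KeyValueStore, RETENTION_MS and the helpers are assumptions.
interface GameSettings {
  readonly volume: number;
  readonly language: 'ko' | 'en';
  readonly difficulty: string;
}
interface KeyValueStore { // assumed: the subset of localStorage methods used here
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}
const SETTINGS_KEY = 'bt_settings';
const RETENTION_MS = 90 * 24 * 60 * 60 * 1000; // assumed 90-day retention period
// Type guard: accept only the three expected fields with the expected types.
function isGameSettings(v: unknown): v is GameSettings {
  if (typeof v !== 'object' || v === null) return false;
  const o = v as Record<string, unknown>;
  return typeof o.volume === 'number' && Number.isFinite(o.volume) &&
    (o.language === 'ko' || o.language === 'en') && typeof o.difficulty === 'string';
}
// Persist only the classified fields plus the write time that retention needs.
function saveSettings(store: KeyValueStore, s: GameSettings, now: number): void {
  const settings = { volume: s.volume, language: s.language, difficulty: s.difficulty };
  store.setItem(SETTINGS_KEY, JSON.stringify({ savedAt: now, settings }));
}
// Return settings that are valid and within retention; otherwise delete the entry.
function loadSettings(store: KeyValueStore, now: number): GameSettings | null {
  const raw = store.getItem(SETTINGS_KEY);
  if (raw === null) return null;
  try {
    const rec: unknown = JSON.parse(raw);
    if (typeof rec === 'object' && rec !== null) {
      const r = rec as Record<string, unknown>;
      const age = typeof r.savedAt === 'number' ? now - r.savedAt : NaN;
      const settings = r.settings;
      if (age >= 0 && age <= RETENTION_MS && isGameSettings(settings)) return settings;
    }
  } catch { /* malformed JSON: fall through to cleanup */ }
  store.removeItem(SETTINGS_KEY);
  return null;
}
// In-memory stand-in so this runs outside a browser; pass localStorage in the game.
function memoryStore(): KeyValueStore {
  const data = new Map<string, string>();
  return {
    getItem: (k) => data.get(k) ?? null,
    setItem: (k, v) => { data.set(k, v); },
    removeItem: (k) => { data.delete(k); },
  };
}
```

Calling `loadSettings(localStorage, Date.now())` at startup doubles as the cleanup pass: an expired, tampered or malformed entry is removed instead of being read.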
```html
<!-- ✅ Strict CSP for game assets -->
<meta http-equiv="Content-Security-Policy"
      content="default-src 'self';
               script-src 'self';
               style-src 'self' 'unsafe-inline';
               img-src 'self' data: blob:;
               connect-src 'self' https:;
               font-src 'self' https://fonts.gstatic.com;">

<!-- ✅ SRI for external resources -->
<script src="https://cdn.example.com/lib.js"
        integrity="sha384-..." crossorigin="anonymous"></script>
```
User Input → Validation → Processing → Sanitization → Output
↓ ↓
Type Guards Encryption
Schema Validation Access Control
XSS Prevention Audit Logging
흑괘의 데이터 보호 - Data Protection of the Black Trigram