2.6 Determine Data Security Controls and Compliance Requirements

Question 1

What are used to protect data at every level of classification?

Answer 1

Controls.

Question 2

What three states can data be in?

Not in continental US

Answer 2

At REST | In TRANSIT | In USE

Question 3

What is Data At Rest and how can it be protected?

Answer 3

Inactive data stored on media, such as hard disks, spreadsheets, databases, etc. | Encryption, Access Control, and Backups/Restorations

Question 4

What is Data In Transit and how can it be protected?

Answer 4

Data flowing across a network | Access Controls and Network Encryption (End-to-end, Link, Onion)

Question 5

What is Data In Use and how can it be protected?

Answer 5

Data being used in computational activities | Homomorphic Encryption, Role-Based Access Controls (RBAC), Digital Rights Protections (DRP), Data Loss Prevention (DLP)

Question 6

What is the best way to ensure Data At Rest in the cloud is protected?

Answer 6

First, encrypt the data locally before migrating it to the cloud.

Question 7

Data in Transit is also known as what?

Answer 7

Data in Motion.

Question 8

What is End-to-End Encryption?

Answer 8

It means that the data portion of a packet is encrytped once it leaves the source node and remains that way until decryption by the destination node.

Question 9

What is a risk of end-to-end encryption? Give an example.

Answer 9

While the data contents is encrypted, the routing information is not which can reveal information about the packet contents. This prevents absolute anonymity. | VPNs are end-to-end encrypted, but your source and destination can be received out.

Question 10

What is Link Encryption?

Answer 10

Differing from End-To-End encryption, the packet data and header are encrypted. However, the data is decrypted then re-encrypted at each node. This allows the packet to reach its destination while in transit from adversaries in the middle, but not from people with access to the node.

Question 11

Why isn’t Link Encryption Entirely Secure?

Answer 11

Because data is decrypted at each node, then re-encrypted. While the data is safe in transit, it is at risk of routing information being disclosed at each node.

Question 12

What type of encryption is used by Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extrensions (S/MIME)?

Answer 12

End-to-end encryption.

Question 13

How does an Onion Network work?

Answer 13

Packets are encrypted multiple times, where each node only decrypts the location of the next node destination. This is popular with The Onion Router (TOR)! Only the nodes adjacent to the source and destination can have an inkling of where those nodes reside, but they cannot know both.

Question 14

What does Homomorphic Encryption allow?

Answer 14

It allows data in use to be used for calculations while being encrypted.

Question 15

What does Data Loss Prevention and Data Rights Protections do to Protect Data in Use?

Answer 15

They limit the actions someone can take when someone accesses the information.

Question 16

What is Information Obfuscation?

Answer 16

Also known as Information Masking, it is the action of making data obscure, unclear, or unintelligible.

Question 17

What is the goal of Information Obfuscation?

Answer 17

To make data intercepted by adversaries difficult, if not impossible, to understand even in plaintext.

Question 18

What does Concealing Data do?

Answer 18

Completely removes access to sensitive data. Users do not have access, nor do they have visbility and teh attribute does not appear on computer screens and reports.

Question 19

What does Pruning Information/Data do?

Answer 19

Takes place in non-production environment, involves the removal of sensitive data form attributes. The attribute will be on the users screen, but the value will be non-existent.

Question 20

What is Fabricating data for?

Answer 20

To replace real data when testing full functionality of n application. | Creates fake data to prevent unauthorized access and viewing of actual data.

Question 21

What does it mean to Trim data?

Answer 21

Removes part of an attribute’s value and is typically used for identification/ This is similar to using a portion of a Social Security Number (SSN) or credit card number for verification.

Question 22

What is encryption of data for?

Answer 22

Done at the attribute, table, or database level. With the proper access key, encyrpted data can be transformed from ciphertext to plaintext.

Question 23

What is Digital Rights Management (DRM)?

Answer 23

Focus on limiting the use, modification, and sharing of copyrighted or otherwise proprietary and protected works.

Question 24

What are examples of Intellectual Property Protected by Digital Rights Management (DRM)?

Answer 24

Movies and other audio and visual works created by publishers, Video Games, Digital Music, eBooks, and Cable/Satellite service providers.

Question 25

How does Digital Rights Managment (DRM) achieve their goal of allowing people to maintain control over their Intellectual Property and maintain income streams through licensing and rentals?

Answer 25

Licensing agreements and restrict acces, Encryption, Embedding of digital tags that tie specific license holders, theoretically preventing sharing with others, and use of related technologies that restrict copying or viewing of certain content.

Question 26

In 1998, what was signed into law in the United States to provide legal recourse for violation of Digital Rights Managment (DRM) protections and the rights of intellectual property holders?

Answer 26

The Digital Millennium Copyright Act (DMCA).

Question 27

Digital Right Marketing (DRM) is often used to protect media such as Movies and Songs, what subset of DRM can be used to protect sensitive documents within an organization from unauthorized access and usage?

Answer 27

Information Rights Management (IRM)

Question 28

What is Data Loss Prevention?

Answer 28

The ability to Identify, Monitor, and protect data in use, in motion, and at rest. through deep packet content inspection, contextual security analysis of transaction, within a centralized management framework.

Question 29

What three types of data does Data Loss Prevention (DLP) protect?

Answer 29

Data at Rest, Data In Motion, Data In Use.

Question 30

What ultimate goal does Data Loss Prevention (DLP) attempt to achieve?

Answer 30

Detect and Prevent data breaches and potential data exfiltation.

Question 31

What can Data Loss Prevention (DLP) do to Data in Motion if it recognizes potentially dangerous attributes in the data’s content, packets, logs, and general behavior?

Answer 31

Block the data in motion from reaching its destination, or redirect the information to a secure location for analysis.