3.3 Flashcards
Data protection
safeguarding info from corruption conpromise and loss
Data classification types
sensitive
confidential
public
restricted
private
critical information
Sensitive Data
info that if accessed by unauthorized persons can result in the loss of security or competitive advantage of a company
Commercial Business Classification Levels
Public
sensitive
private
confidential
critical information
Government classification levels
unclassified
sensitive but classified
confidential
secret
top secret
Data ownership
process of identifying the individual responsible for maintaining confidentiality integrity avilability and privacy of info assets
Data States
at rest (stored in databases, file systems not moving)
in transit (actively moving)
in use(being created, retrieved, updated or deleted)
Encrypting data at rest
full disk, partition, file, volumne, database, record
Encrypting data in transit
SSL and TLS used between apps
VPN
IPSec used between network devices
IPSec
internet security protocol secures IP communications by authenticating and encrypting IP packets
Data types
regulated
PII
PHI
Trade Secrets
IP
LEgal info
Financial info
Human readable data
non human readable data
Regulated data
controleld by laws and compliance requirements like GDPR and HIPPA
GDPR
general data protection regulation
protects EU citizen data
compliance required regardless of location
PII
personally identification information
names, SSN, addresses
PHI
personal health info
protected under hippa