4. Information Management

Question 1

What is Data Governance?

Answer 1

Programs that identify, track, and manage sensitive information for an organization, ensuring that data handling practices are consistent with the organization’s policies and procedures

Question 2

What is included in Data Governance?

Answer 2

1. Building a data inventory
2. Data classification
3. Data flow mapping
4. Data lifecycle management

Question 3

What are some data inventory types?

Answer 3

• Personally identifiable information (PII)
• Protected health information (PHI)
• Financial information
• Government information

Question 4

What is data classification?

Answer 4

Data categories based on the sensitivity of the information and the impact on the organization should the information be inadvertently disclosed

Question 5

List the business data classification typically used

Answer 5

• Highly sensitive
• Sensitive
• Internal
• Public

Question 6

What is data flow mapping?

Answer 6

Tracking the ways the organization receives, handles, shares, and disposes of sensitive information

Question 7

Why are data flow diagrams helpful?

Answer 7

Helps the privacy professional understand the movement of information through their organizations and also contribute to their ability to manage the full data lifecycle

Question 8

What is data minimization

Answer 8

Collecting the smallest possible amount of information to meet the business requirement

Question 9

What is purpose limitation

Answer 9

Data should only be used for the purpose that it was originally collected and that was consented to by the data subjects

Question 10

Explain data retention

Answer 10

Guides end of the data lifecycle

Question 11

What are the stages of the data lifecycle?

Answer 11

1. Data creation
2. Data storage
3. Data sharing and usage
4. Data archival
5. Data deletion

Question 12

List some cybersecurity threat actors

Answer 12

• Script Kiddies
• Hacktivist
• Criminal syndicates
• Advanced Persistent Threats (APT)
• Insiders

Question 13

What is ransomware?

Answer 13

Ransomware combines traditional malware techniques with the weaponization of encryption technology.

Question 14

What is an incident event?

Answer 14

Any observable occurrence in a system or network

Question 15

What is an incident adverse event?

Answer 15

Any event that has negative consequences

Question 16

What is an security incident?

Answer 16

Violation or imminent threat of violation of security policies, acceptable use policies, or standard security practices

Question 17

What is the Computer Security Incident Response Team (CSIRT) responsible for?

Answer 17

Responding to computer security and privacy incidents that occur within an organization by following standardized response procedures and incorporating their subject matter expertise and professional judgement

Question 18

What are the phases of Incident Response?

Answer 18

1. Preparation
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-incident activity

Question 19

List some events that happen during the Incident Response Preparation phase

Answer 19

• Proper policy foundation
• Operating procedures
• Appropriate training
• Prepares to respond to an incident
• Building strong cybersecurity defenses
• Purchase cyberinsurance

Question 20

NIST 800-61, Computer Security Incident Handling Guide, describes four major security event indicators. What are they?

Answer 20

• Alerts that originate from intrusion detection and prevent system, security information and event management system, antivirus software, file integrity checking software, third-party monitoring services
• Logs generated by OS, services, applications, network devices, and network flows
• Publicly available information about new vulnerabilities and exploits
• People from inside the organization or external sources who report suspicious activity

Question 21

At a high level, what are the containment, eradication, and recovery phase designed to achieve?

Answer 21

1. Select a containment strategy appropriate to the incident circumstances
2. Implement the selected containment strategy to limit the damage caused by the incident
3. Gather additional evidence as needed to support the response effort and potential legal action
4. Identify the attackers and attacking systems
5. eradicate the effects of the incident and recover normal business operations

Question 22

What happens during the Post-incident Activity?

Answer 22

Team members conduct a lessons-learned review and ensure that they meet internal and external evidence retention requirements

Question 23

List some lessons learned questions

Answer 23

• Exactly what happened and at what time?
• How well did staff and management perform in responding to the incident?
• Were the documented procedure followed? Were they adequate?
• What information was needed sooner?
• Were any steps or action taken that might have inhibited the recovery?
• What would the staff and management do differently the next time a similar incident occurs?
• How could information sharing with other organizations have been improved?
  What corrective actions can prevent similar incidents in the future?
• What precursors or indicators should be watch for in the future to detect similar incidents?
• What additional tool or resources are needed to detect, analyze, and mitigate future incidents?

Question 24

What key elements should an incident response policies contain?

Answer 24

• Statement of management commitment
• Purpose and objectives of the policy
• Scope of the policy (to whom it applies and under what circumstances)
• Definition of cybersecurity incidents and related terms
• Organizational structure and definition of roles, responsibilities, and level of authority
• Prioritization or severity rating scheme for incidents
• Performance measures for the CSIRT
• Reporting and contact forms