4.2 Explain the security implications of proper hardware, software, and data asset management Flashcards

1
Q

Data Ownership

A

Data Ownership - Identifies who maintains the confidentiality, integrity, availability, and privacy of information assets.

  • Example Across Roles: Handling employee salary data in a company.
  • Data Owner:
    • Role: Senior executive (e.g., CFO) defines how employee salary data is classified and who can access it. High-level responsibility for the data.
    • Duties: Determines if salary data is confidential and who can view or modify it.
  • Data Steward:
    • Role: Responsible for carrying out the intent of the data owner’s requirements, e.g., an HR data specialist ensures salary data is accurate and correctly labeled (e.g., as confidential). Typically a business manager.
    • Duties: Validates employee data before payroll processing.
  • Data Custodian:
    • Role: Responsible for storage and backups, e.g., the IT team secures storage of salary data in databases and applies encryption.
    • Duties: Manages backups and access control to prevent unauthorized access.
  • Data Controller:
    • Role: An organization that is responsible for a dataset, e.g., the HR department establishes policies on how salary data is collected and processed.
    • Duties: Ensures payroll data collection complies with laws (e.g., GDPR).
  • Data Processor:
    • Role: Payroll service provider processes monthly salaries under the HR department’s instruction.
    • Duties: Calculates salaries, generates pay slips, and transfers payments.
  • Privacy Officer:
    • Role: Monitors compliance with privacy regulations (e.g., GDPR for personal data).
    • Duties: Ensures employee salary data handling aligns with privacy laws.

Memory Tip:

  • Owner: Big-picture authority.
  • Controller: Policy maker.
  • Processor: Day-to-day executor.
  • Steward: Data caretaker for quality.
  • Custodian: IT-focused data guardian.
  • Privacy Officer: Regulatory watchdog.
2
Q

Mobile Device Management (MDM)

A
  • Manages mobile devices (smartphones, tablets, laptops, wearables).
  • Enforces policies, updates software remotely, and locks or wipes lost devices.
  • Reduces risks from unsecured or outdated devices.

MDM tools can also block managed devices from using tethering, mobile hotspot, and Wi-Fi Direct.

3
Q

Asset Disposal and Decommissioning

A

Manages outdated assets based on NIST 800-88 guidelines.

Methods

  • Sanitization: Makes data inaccessible on storage devices.
    • Overwriting: Replaces data with random bits; commonly 1, 7, or 35 passes.
    • Degaussing: Uses magnetic fields to erase data, rendering the device unusable.
    • Secure Erase: Deletes data at the firmware level, now replaced by Cryptographic Erase (CE).
    • Cryptographic Erase (CE): Deletes encryption keys to render data unreadable, allowing device reuse.
  • Destruction: Physically destroys devices beyond recovery. Methods: Shredding, Pulverizing, Melting, Incinerating.

Other Terms

  • Certification: Provides proof of secure disposal with audit logs.
  • Data Retention: Defines what data to keep and for how long.
  • Data Protection: Protects all stored data from breaches. More retained data means higher protection costs and harder analysis.