7. Data Protection Flashcards
Data Loss Prevention (DLP)
Strategy to prevent sensitive information from leaving an organization
Data Classification
Based on the value to the organization and the sensitivity of the information, determined by the data owner
Sensitive Data (Business)
Information that, if accessed by unauthorized persons, can result in the loss of security or competitive advantage for a company
Public Data (Business)
No impact if released; often publicly accessible
Private Data (Business)
Contains internal personnel or salary infromation
Confidential (Business)
Trade Secrets, intellectual property, source codes, ect.
Critical (Business)
Extremely valuable and restricted information
Unclassified (Gov)
Generally releasable to the public
Sensitive but Unclassified (Gov)
Includes medical records, personnel files, etc.
Confidential (Gov)
Contains information that could affect the government
Secret (Gov)
Holds data like military deployment plans, defensive postures
Top Secret (Gov)
Highest level, includes highly sensitive national security information
Data Ownership
Process of identifying the individual responsible for maintaining the
confidentiality, integrity, availability, and privacy of information assets
Data Owner
A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls
Data Controller
Entity responsible for determining data storage, collection, and usage purposes and methods, as well as ensuring the legality of these processes
