Asset Security

Question 1

What is the purpose of classification?

Answer 1

To drive what CONTROLS must be put in place to protect the information.

Question 2

What are the three C’s of classification?

Answer 2

Cost: Determine the value of the data.
Classify: Create criteria for classification.
Controls: Determine the baseline security configuration for each classification.

Question 3

Who determines the classification of data?

Answer 3

The Data Owner

Question 4

Who maintains the data?

Answer 4

Data Custodian

Question 5

What are the military classification labels from highs to lowest?

Answer 5

Top Secret
Secret
Sensitive, but unclassified (SBU)
Unclassified

Question 6

What are classification terms normally associated with nongovernmental organizations?

Answer 6

Private
Proprietary
Sensative

Question 7

Describe some steps for system hardening and baselining.

Answer 7

1. Remove unnecessary services
2. Install latest patches
3. Rename default accounts
4. Change default settings
5. Enable security configurations like auditing, firewalls, updates, etc.
6. Don’t forget physical security.

Question 8

What comprises the actions that organizations take to prevent unauthorized EXTERNAL parties from gaining access to sensitive data?

Answer 8

Data Leak Prevention (DLP)

Question 9

What type of DLP pertains to data in motion?

Answer 9

Network Data Loss Prevention

NDLP products are normally implemented as appliances that are deployed at the perimeter of an organizations’ network.

Question 10

What type of DLP pertains to data at rest?

Answer 10

Endpoint DLP

Software running on each protected endpoint.

Question 11

What type of DLP pertains to data in use?

Answer 11

Endpoint DLP

Software running on each protected endpoint.

Question 12

What should a data retention policy contain?

Answer 12

Address what data is to be retained, where, how, and for how long.

Must consider legal, regulatory, and operational requirements.

Question 13

What is the NIST SP that provides guidelines to combat data remanence?

Answer 13

NIST SP 800-88 “Guidelines for Media Sanitization”

Question 14

What is the term for the process of removing or reducing magnetic field patterns on conventional disk drives or tapes?

Answer 14

Degaussing

Question 15

What is the 4 step information life cycle?

Answer 15

Acquisition
Use
Archival
Disposal

Question 16

The methodology that identifies the path to meet user requirements.

Answer 16

Data Modeling

Question 17

The residual physical representation of data that has been in some way erased.

Answer 17

Data Remanence

Question 18

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Answer 18

Purging

Question 19

An assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes to ensure final products meet predetermined standards of quality.

Answer 19

Quality Assurance

Question 20

An assessment of quality based on internal standards, processes, and procedures established to control and monitor quality.

Answer 20

Quality Control (QC)