Assets Security Flashcards
What are the Information Life Cycles
Classification
Categorization
Ownership
Maintenance
Data Classification
Helps the organization understand the data-oriented ramifications of exploitation
What are the Data Classification labels
Top Secret
Secret
Confidential
Sensitive but unclassified (SBU)
Unclassified
What are the Data Classifications Criteria
Value - what is it worth
Age - How current is the information (is it still useful beyond 5 years?)
Useful life - At what point is it no longer worth protecting
Personal Association - Medical records, personnel files
Examples of regulated data
Card Holder Data (CHD) - cc#, name, expiration
Personally Identifiable Information (PII) - name, address, SSN, DOB
Protected Health Information (PHI) - PII + related health information
What are the roles for Data Ownership
Business/Mission Owner
Data (Information) Owner
System Owner
Custodians
Users
What is Business/Mission Owner
Senior Leadership
Provides adequate funding and manpower to implement the program
Enforces program policy when needed
What is Data Owner
Also known as Information Owner
Accountable for the data
Determines who can access
What is System Owner
Owns the OS and DB; responsible for patching, etc.
What are Custodians
Hands-on work to achieve data protection
Performing testing and verifying backups
Data Restoration
What are users of data
Individuals who are granted access to use data as part of their job
What is a Data Controller
Creates/manages sensitive data
Must legally ensure the security of data accessed by the data processor
What is a Data Processor
Third party that accesses the organization's sensitive data
What is degaussing
Applying a large magnetic field to erase magnetic media (hard disk)
What is the best way to remove data
Degaussing
Destruction
What are the types of data storage & memory
Real, main, or primary memory
Secondary memory/storage
Write Once Read Many (WORM)
Volatile storage
Non-volatile storage
Sequential storage
What is primary memory/storage
RAM
What is secondary memory/storage
Disk
What is volatile memory
Directly accessed by the CPU
SRAM/DRAM
Needs power to persist
What is non-volatile memory
Stored in a location not accessible by the CPU
Think firmware
What is Random Access Storage
RAM - can access randomly
What is sequential storage
Write and read in sequence - think of tape backup
What are the types of RAM
Registers
SRAM (cache memory)
DRAM
General rule - fastest memory is closest to the CPU
Programmable ROM (PROM)
Can be modified once
Firmware
Erasable and Programmable ROM (EPROM)
Can be erased and reprogrammed
Not the norm
Electrically Erasable Prom (EEPROM)
Can be rewritten repeatedly
Flash drive
Firmware
Programmable Logic Device (PLD)
Integrated circuit that can be modified programmatically
What are PROM, EPROM, and EEPROM referred to as
ISO 27002
Best practices
Formerly 17799
ISO 27001
Auditing
What is scoping
Determining the applicable portions of a standard that will be followed
What is tailoring
Customizes a standard for an organization
Begins with scoping, then adds compensating controls and parameters
What organization manages RFC (Request for Comments)
IETF
What is SRAM
Volatile, fast, smaller amounts, used for cache
What is DRAM
Must be refreshed on a regular basis; cheapest