Chapter 5: Assets Flashcards
New Information preparation
prepared for use by adding metadata, including classification labels
Cryptography
an effective control at all phases of the data life cycle
Data retention policy
drives the timeframe at which data transitions from the archival phase to the disposal phase of its life cycle
Senior executive responsibility
senior executives are ultimately responsible to the shareholders for the successes and failures of their corporations, including security issues
Data owner
Manager in charge of a specific business unit; ultimately responsible for the protection and use of a specific subset of information
Classifiers of data
Data owners specify the classification of data
Data custodians
Implement and maintain controls to enforce the set classification levels
Data retention policy
must consider legal, regulatory, and operational requirements; should address what data is to be retained, where, how, and for how long
Electronic discovery
e-discovery; the process of producing for a court or external attorney all electronically stored information (ESI) pertinent to a legal proceeding
Normal deletion
deleting a file does not permanently remove it from media
NIST SP 800-88
Guidelines for Media Sanitization; describes the best practices for combating data remanence
How to render original data unrecoverable
overwrite data; replace the 1’s and 0’s which represent it on storage media with random or fixed patterns of 1’s and 0’s
Degaussing
process of removing or reducing the magnetic field patterns on conventional disk drives or tapes
Privacy
pertains to personal information; both from employees and customers
Privacy best practice
organizations should collect the least amount of private personal data required for the performance of business functions