Chapter 5: Protecting Security of Assets Flashcards

1
Q

Any data that helps an organization maintain a competitive edge

A

Proprietary data

2
Q

Identifies the value of the data to the organization and is critical to protecting data confidentiality and integrity.

A

data classification

3
Q

Unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

A

Top secret

4
Q

Unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security

A

Secret

5
Q

Unauthorized disclosure of which reasonably could be expected to cause damage to the national security

A

Confidential

6
Q

Any data that doesn’t meet one of the descriptions for top secret, secret, or confidential data

A

Unclassified

7
Q

The entity that applies the original classification to the sensitive data, and strict rules identify who can do so

A

Classification authority

8
Q

Any information that isn’t public or unclassified.

A

Sensitive information

9
Q

Similar to unclassified data

A

Public data

10
Q

Data that should stay private within the organization but that doesn’t meet the definition of confidential or proprietary data

A

Private data

11
Q

The highest level of classified data

A

Confidential or Proprietary data

12
Q

Any data stored on media such as system hard drives, solid-state drives (SSDs), external USB drives, storage area networks (SANs), and backup tapes

A

Data at Rest

13
Q

Any data transmitted over a network

A

Data in Transit

14
Q

Data in memory or temporary storage buffers while an application is using it

A

Data in Use

15
Q

The best way to protect the confidentiality of data is to use _________ protocols

A

strong encryption

16
Q

A physical security control meaning that systems and cables from the classified network never physically touch systems and cables from the unclassified network.

A

Air gapped

17
Q

Systems that attempt to detect and block data exfiltration attempts. These systems can scan unencrypted data, looking for keywords and data patterns.

A

Data loss prevention (DLP)

18
Q

There are two primary types of DLP systems:

A

Network-Based DLP and Endpoint-Based DLP

19
Q

Labeling sensitive information ensures that users can easily identify the classification level of any data.

A

Marking

20
Q

True or False:

If media or a computing system needs to be downgraded to a less sensitive classification, it must be sanitized using appropriate procedures

A

True

21
Q

Data that remains on media after the data was supposedly erased.

A

Data remanence

22
Q

The unused space within a disk cluster

A

Slack space

23
Q

Generates a heavy magnetic field, which realigns the magnetic fields in magnetic media such as traditional hard drives, magnetic tape, and floppy disk drives.

A

Degausser

24
Q

True or False:

A degausser will remove all data remanence on an SSD

A

False

They are only effective on magnetic media

25
Q

True or False:

The best way to destroy an SSD is by destruction using an approved disintegrator

A

True

26
Q

Performing a delete operation against a file, a selection of files, or the entire media.

A

Erasing

27
Q

Process of preparing media for reuse and ensuring that the cleared data cannot be recovered using traditional recovery tools.

A

Clearing or Overwriting

28
Q

A more intense form of clearing that prepares media for reuse in less secure environments. It provides a level of assurance that the original data is not recoverable using any known methods.

A

Purging

29
Q

Ensuring that the media cannot be reused or repaired and that data cannot be extracted from the destroyed media.

A

Destruction

30
Q

Destroying the cryptographic key

A

Cryptographic Erasure

31
Q

Retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed

A

Record retention

32
Q

True or False:

Pseudonymization is most useful when releasing a dataset to a third party (such as researchers aggregating data) without releasing any privacy data to the third party. Tokenization allows a third party (such as a credit card processor) to know the token and the original data.

A

True

33
Q

A license grants access to a product and defines the terms of use.

A

DRM License

34
Q

Requires a system to be connected with the internet to use a product.

A

Persistent Online Authentication

35
Q

Use of a token, typically a random string of characters, to replace other data.

A

Tokenization

36
Q

Process of removing all relevant data so that it is theoretically impossible to identify the original subject or person.

A

Anonymization

37
Q

The person who has ultimate organizational responsibility for data.

A

data owner

38
Q

The person who owns the asset or system that processes sensitive data.

A

asset owner

39
Q

Any system used to process data

A

data processor

40
Q

The person or entity that controls the processing of the data.

A

data controller

41
Q

Helps protect the integrity and security of data by ensuring that it is properly stored and protected.

A

data custodian

42
Q

A person who can be identified through an identifier, such as a name, identification number, or other means.

A

data subject

43
Q

Provides a starting point and ensures a minimum security standard.

A

Baseline

44
Q

What are the 4 baselines according to NIST SP 800-53B, “Control Baselines for Information Systems and Organizations”?

A

Low-Impact Baseline: Controls in this baseline are recommended if a loss of confidentiality, integrity, or availability will have a low impact on the organization’s mission.

Moderate-Impact Baseline: Controls in this baseline are recommended if a loss of confidentiality, integrity, or availability will have a moderate impact on the organization’s mission.

High-Impact Baseline: Controls in this baseline are recommended if a loss of confidentiality, integrity, or availability will have a high impact on the organization’s mission.

Privacy Control Baseline: This baseline provides an initial baseline for any systems that process PII. Organizations may combine this baseline with one of the other baselines.

45
Q

A part of the tailoring process that refers to reviewing a list of baseline security controls and selecting only those controls that apply to the IT systems you’re trying to protect.

A

scoping