Chapter 5: Protecting Security of Assets Flashcards

1
Q

Any data that helps an organization maintain a competitive edge

A

Proprietary data

2
Q

Identifies the value of the data to the organization and is critical to protecting data confidentiality and integrity.

A

data classification

3
Q

Unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

A

Top secret

4
Q

Unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security

A

Secret

5
Q

Unauthorized disclosure of which reasonably could be expected to cause damage to the national security

A

Confidential

6
Q

Any data that doesn’t meet one of the descriptions for top secret, secret, or confidential data

A

Unclassified

7
Q

The entity that applies the original classification to the sensitive data, and strict rules identify who can do so

A

Classification authority

8
Q

Any information that isn’t public or unclassified.

A

Sensitive information

9
Q

Similar to unclassified data

A

Public data

10
Q

Data that should stay private within the organization but that doesn’t meet the definition of confidential or proprietary data

A

Private data

11
Q

The highest level of classified data

A

Confidential or Proprietary data

12
Q

Any data stored on media such as system hard drives, solid-state drives (SSDs), external USB drives, storage area networks (SANs), and backup tapes

A

Data at Rest

13
Q

Any data transmitted over a network

A

Data in Transit

14
Q

Data in memory or temporary storage buffers while an application is using it

A

Data in Use

15
Q

The best way to protect the confidentiality of data is to use _________ protocols

A

strong encryption

16
Q

A physical security control meaning that systems and cables from the classified network never physically touch systems and cables from the unclassified network.

A

Air gapped

17
Q

Attempt to detect and block data exfiltration attempts. These systems have the capability of scanning unencrypted data looking for keywords and data patterns.

A

Data loss prevention (DLP)

18
Q

There are two primary types of DLP systems:

A

Network-Based DLP and Endpoint-Based DLP

19
Q

Labeling sensitive information ensures that users can easily identify the classification level of any data.

20
Q

True or False:

If media or a computing system needs to be downgraded to a less sensitive classification, it must be sanitized using appropriate procedures

21
Q

Data that remains on media after the data was supposedly erased.

A

Data remanence

22
Q

The unused space within a disk cluster

A

Slack space

23
Q

Generates a heavy magnetic field, which realigns the magnetic fields in magnetic media such as traditional hard drives, magnetic tape, and floppy disk drives.

24
Q

True or False:

A degausser will remove all data remanence on an SSD

A

False

They are only effective on magnetic media

25
Q

True or False: The best way to destroy an SSD is by destruction using an approved disintegrator

A

True

26
Q

Performing a delete operation against a file, a selection of files, or the entire media.

A

Erasing

27
Q

Process of preparing media for reuse and ensuring that the cleared data cannot be recovered using traditional recovery tools.

A

Clearing or Overwriting

28
Q

A more intense form of clearing that prepares media for reuse in less secure environments. It provides a level of assurance that the original data is not recoverable using any known methods.

A

Purging

29
Q

Ensuring that the media cannot be reused or repaired and that data cannot be extracted from the destroyed media.

A

Destruction

30
Q

Destroying the cryptographic key

A

Cryptographic Erasure

31
Q

Retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed

A

Record retention

32
Q

True or False: Pseudonymization is most useful when releasing a dataset to a third party (such as researchers aggregating data) without releasing any privacy data to the third party. Tokenization allows a third party (such as a credit card processor) to know the token and the original data.

A

True

33
Q

A license grants access to a product and defines the terms of use.

A

DRM License

34
Q

Requires a system to be connected with the internet to use a product.

A

Persistent Online Authentication

35
Q

Use of a token, typically a random string of characters, to replace other data.

A

Tokenization

36
Q

Process of removing all relevant data so that it is theoretically impossible to identify the original subject or person.

A

Anonymization

37
Q

The person who has ultimate organizational responsibility for data.

A

Data owner

38
Q

The person who owns the asset or system that processes sensitive data.

A

Asset owner

39
Q

Any system used to process data

A

Data processor

40
Q

The person or entity that controls the processing of the data.

A

Data controller

41
Q

Helps protect the integrity and security of data by ensuring that it is properly stored and protected.

A

Data custodian

42
Q

A person who can be identified through an identifier, such as a name, identification number, or other means.

A

Data subject

43
Q

Provides a starting point and ensures a minimum security standard.

A

Baseline

44
Q

What are the 4 baselines according to NIST SP 800-53B, "Control Baselines for Information Systems and Organizations"?

A

Low-Impact Baseline: Controls in this baseline are recommended if a loss of confidentiality, integrity, or availability will have a low impact on the organization's mission.

Moderate-Impact Baseline: Controls in this baseline are recommended if a loss of confidentiality, integrity, or availability will have a moderate impact on the organization's mission.

High-Impact Baseline: Controls in this baseline are recommended if a loss of confidentiality, integrity, or availability will have a high impact on the organization's mission.

Privacy Control Baseline: This baseline provides an initial baseline for any systems that process PII. Organizations may combine this baseline with one of the other baselines.

45
Q

A part of the tailoring process; it refers to reviewing a list of baseline security controls and selecting only those controls that apply to the IT systems you're trying to protect.

A

Scoping