D2_Sensitive Information and Media Security Flashcards

1
Q

Data has 3 States:

A
  • Data at Rest (Stored data):
    This is data on disks, tapes, CDs/DVDs, USB sticks.
    We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs).
    Encryption can be hardware or software encryption.
  • Data in Motion (data being transferred on a network):
    We encrypt our network traffic with end-to-end encryption, on both internal and external networks.
  • Data in Use (we are actively using the files/data, it can’t be encrypted):
    Use good practices: clean desk policy, print policy, no ‘shoulder surfing’, possibly view-angle privacy screens for monitors, and locking the computer screen when leaving the workstation.
2
Q

Mission/business owners:

A

Senior executives make the policies that govern our data security.

3
Q

Data/information owners:

A

Management level, they assign sensitivity labels and backup frequency.
This could be you or a data owner from HR, payroll, or other departments.

4
Q

Data custodians:

A

These are the technical hands-on employees who do the backups, restores, patches, and system configuration. They follow the directions of the data owner.

5
Q

System owner

A

System owner: Management level and the owner of the systems that house the data.
• Often a data center manager or an infrastructure manager.

6
Q

Data controllers and data processors

A
  • Controllers create and manage sensitive data in the organization (HR/Payroll).
  • Processors manage the data for controllers (Outsourced payroll).
7
Q

Security Administrators

A

Responsible for firewalls, IPSs (Intrusion Prevention Systems), IDSs (Intrusion Detection Systems), and security patches; they create accounts and grant access to the data following the data owners’ directions.

8
Q

Supervisors:

A

Responsible for user behavior and assets created by the users. Directly responsible for user awareness, and need to inform the security administrator if there are any changes to user employment status, user access rights, or any other pertinent changes to an employee’s status.

9
Q

Users

A

These are the users of the data. Users must receive awareness training; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures, and standards.

10
Q

Auditors

A

Responsible for reviewing and confirming that our security policies are implemented correctly, that we adhere to them, and that they provide the protection they should.
