Data Classification Flashcards
Data Categorization
Data owner usually categorizes the data because of SA
Org can have any number of categories or types of information; these might be clearly defined and reused throughout the organization, or they might be arbitrarily assigned by data owners during the Create phase.
List ways to categorize data?
Regulatory Compliance
Business Function
Functional Unit
By Project
Regulatory Compliance Categories
categories based on which regulations apply to a specific dataset.
Business Function Categories
specific categories for different uses of data. e.g. billing, marketing, or operations.
Functional Unit Category
Categories defined by on department or office, so they own their own categories and keep all data it controls within its own category or categories
By Project Categories
define datasets by the projects they are associated with as a means of creating discrete, compartmentalized projects.
What should be true of the way an organization adopt categorization?
Whatever motif the organization uses, however, should be adopted and enforced uniformly throughout the organization.
Data Labeling
Attaching labels, flags, or tags to data, identifying data element’s classification, categorization, sensitivity, location of data, department, etc.
Data Classification
What is it? Who classifies? How is it classified? When is it Classified?
the responsibility of the data owner, takes place in the Create phase, and is assigned according to an overall organizational policy based on a specific characteristic of the given dataset.
Affixing security labels to objects in order to allow only people/subjects with the appropriate clearance level to have access to those objects
Classification or Sensitivity labels are applied to objects
Clearances or Privilege labels are applied to people/subjects
Data should be classified by the owner
can take any form defined by the organization and should be uniformly applied.
List items data classification may contain?
Sensitivity
Jurisdiction
Criticality
Describe Sensitivity in Classification
classification according to the sensitivity of the data, based on the negative impact an unauthorized disclosure would cause.
Describe Jurisdiction in Classification
geophysical location of the source or storage point of the data
Describe Criticality in Classification
Data that is deemed critical to organizational survival might be classified
Data Mapping
Data between organizations (or sometimes even between departments) must be normalized and translated so that it conforms in a way meaningful to both parties.
Where may data labels reside?
Header and Footers of document
Embedded in the filename
What information may labels include?
Date of creation Date of scheduled destruction/disposal Confidentiality level / Markings Handling directions Dissemination/distribution instructions Access limitations Source Jurisdiction Applicable regulation Descriptive terms
Data Discovery
Data discovery aka electronic discovery (e-discovery)
Used to understand the data we have created or aquired so that we may identify it, label it, and then successfully process it to derive value from data
e-discovery can be used for business analytics or even legal reasons (e.g. subpoena)
List different techniques to data discovery
Label based discovery
Metadata based discovery
Content based discovery
Content Analysis
Analyzing data via pattern matching, hashing, statistical or other types of analysis
Label Based Discovery
Labels can be especially useful when the discovery effort is undertaken in response to a mandate with a specific purpose, such as a court order or a regulatory demand
Metadata Based Discovery
Data discovery can therefore use metadata in the same way labels might be used; specific fields of the metadata might be scanned for particular terms, and all matching data elements collected for a certain purpose.
Content Based Discovery
discovery tools can be used to locate and identify specific kinds of data by delving into the content of datasets. This technique can be as basic as term searches or can use sophisticated pattern-matching technology.
List types of Data Analytics
Data Mining
Real Time Analytics
Agile Business Intelligence
Datamining
collected various data streams and can run queries across these various feeds, the organization can detect and analyze previously unknown trends and patterns
Real Time Analytics
provide datamining functionality concurrently with data creation and use
Agile Business Intelligence
Datamining involves recursive, iterative tools and processes that can detect trends in trends and identify even more oblique patterns in historical and recent data
How is “rights management,” implemented?
Entails the use of specific controls that act in concert with or in addition to the organization’s other access control mechanisms to protect certain types of assets, usually at the file level.
Intellectual Property
Valuable intangible assets of the mind
How is intellectual property protected?
Patents
Trademarks
Copyright
Trade Secrets
Copyright Description?
Is stealing a book a copyright infringement? Why or why not?
The legal protection for creative expression of IDEAS - usually involves literary works, film, music, software, and artistic works. Does not cover specific words, slogans, recipes, or formulae. Copyright protects tangible expression of ideas.
copyrights in the United States, in that protections for them exist upon creation, without any additional requirement for registration
No it is theft to steal a book, it is copyright infringement to illegally copy the books content.
How long does a copyright last and who does it belong to?
TYPICALLY 70 years after the authors death or 95 years for software created by a company (after which the copyrighted material entered the public domain) or 120 years after the first publication of a work for hire, but it depends on the terms under which the copyright was created - individually or works created under contract.
In the US, the author or whomever the author sells or grants the copyrights to owns them. In other jurisdictions its the person who first registers the work
What can the copyright holder do with the rights?
The creator is the only entity legally allowed to do the following: Perform the work publically. Profit from the work. Make copies of the work. Make derivative works from the original. Import or export the work. Broadcast the work. Sell or otherwise assign these rights.
Another word for Copyright Infringement?
Piracy
Trademarks
Examples
Trademark protection is intended to be applied to specific symbol, word, name, colors, musical tune, graphic, or design to identify a PRODUCT or SERVICE. Trademarks are representations of an organization—its brand.
Intended to protect the esteem and goodwill that an organization has built among the marketplace, especially in public perception.
A trademark can be the name of an organization, a logo, a phrase associated with an organization, even a specific color or sound, or some combination of these.
Who can register trade marks?
Describe the symbol of items registered?
USPTO - US Patent and Trademark Office the federal entity for registering trademarks.
Superscript circle with an R in it
States/State Offices
Superscript TM
How long do Trademarks last? Penalty for infringement?
Trademarks last in perpetuity as long as the owner continues to use them for commercial purposes
Owners can sue
Patents - Description?
How long do they last?
Action owner can take if infringement is suspected?
Patents are the legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life; Strongest form of IP protection; Patent is a public domain document but another person can’t use the patent unless it expires or patent holder licenses use to them
Patents typically last for 20 years from the time of the patent application, but there are provisions for extensions.
Owners can sue if they suspect infringement
What organizations are responsible for registering/approving Patents?
US Patent and Trade Office (US)
World Intellectual Property Office - WiPO - approves Patents under the Patent Cooperation Treaty which has 152 signatory member nations, where property will be protected in each member country
What do patents limit or protect?
the patent owner gains exclusivity in the production, sale, and importation of the patented property.
Trade secrets
Trade secrets are intellectual property that involve information, device, method, technique or process that derives ECONOMIC VALUE from not being generally known, and is kept SECRET (not in the public domain). Must continue to be kept secret. If they need to be disclosed, an NDA is used to enforce confidentiality of disclosed secrets.
Trade secrets protections exist upon creation, without any additional requirement for registration, as long as IP is secret.
Does not grant exclusivity, if others come up with
What do trade secrets legally protect?
Illicit acquisition
acquire trade secrets by theft or misappropriation
Actions if Trade secret protections are violated?
Sue in civil court
Prosecuted in federal court for crime
Difference in Trade Secret and Copyright? What does Trade Secret have in common with TM?
Anyone other than the owner of the trade secret who discovers or invents the same or similar methods, processes, and information through legal means is justified and legally free to use that knowledge to their own benefit.
Last in perpetuity as long as owner is using commercially