Data Classification Flashcards
What is the most important step in properly handling and controling data?
Assigning responsibilities according to who has possession and legal ownership of it, which are usually associated with named roles.
What role collects and creates the data?
Data owner
Who is usually the data owner?
Cloud customer
Many international treaties/frameworks refer to the data owner as…
The data controller
Who is the person/entity tasked with daily maintenance and administration of the data?
Data custodian
The _____ applies the proper security controls and processes as directed by the data owner.
data custodian
Who might be the data custodian?
Database administrator
Who is tasked with ensuring the data’s context and meaning are understood and data is used properly?
Data stewards
Who manipulates, stores, or moves data on behalf of the data owner?
Data processor
Copying, printing, destroying, and utilizing data is called…
Processing
From an international perspective, who is the data processor?
The Cloud Provider
T/F Data processors can be third parties
True
______ remain legally responsible for all data they own.
Data owners
T/F System owners are always data owners.
False - not necessarily
- Regulatory compliance
- Business function
- Functional unit
- Project
All drive _____
Data categorization
Who is in the best position to categorize the data?
Data owners
Who is responsible for data classification?
Data owner
Data classification types:
- Sensitivity
- Jurisdiction
- Criticality
Data classification is often based on…
Organizational policies
What is it called when data shared between orgs must be normalized and translated so that it’s meaningful to both parties?
Data mapping
Data classifications and labels are carried through mapping to ensure…
That data used in another context does not lose its security controls and oversight.
- Date of creation
- Date of scheduled destruction/disposal
- Confidentiality level
- Handling directions
- Dissemination/distribution instructions
- Access limitations
- Source
- Jurisdiction
- Applicable regulation
Information a label includes
Why are labels often used as part of data management tools?
For lifecycle and security controls.
What is a key technology component and capability in the data lifecycle?
Automated labeling
What helps an org track where their data is flowing, what ports/protocols are in use, how data is secured, and what controls are in place?
Data flow diagrams
What is it called when an org is creating an initial data inventory, doing electronic discovery, or using data mining tools to discover trends in data already in the inventory?
Data discovery