Data Classification

Question 1

Name 4 Terms and Roles of Data Ownership

Answer 1

• Data Owner - Data Controller
• Data Custodian
• Data Stewards
• Data Processor

Question 2

Explain Data Controller:

Answer 2

The data owner is the organization that has collected or created the data, in general terms.
Within the organization, we often assign a specific data owner as being the individual with rights and responsibilities for that data; this is usually the department head or business unit manager for the office that has created or collected a certain dataset.

From a cloud perspective, the cloud customer is usually the data owner. Many international treaties and frameworks refer to the data owner as the data controller.

Question 3

Data Owners: What is the essential point about rights and responsibilities?

Answer 3

Data owners remain legally responsible for all data they own. This is true even if data is compromised by a data processor several times removed from the data owner.

Question 4

What is a Data Custodian?

Answer 4

Data-Ownership #Data-Custodian

The data custodian is any person or entity that is tasked with the daily maintenance and administration of the data. The custodian also has the role of applying the proper security controls and processes as directed by the data owner.

Within an organization, the custodian might be a database administrator.

Question 5

Explain Data Stewards.

Answer 5

Data stewards are tasked with ensuring that the data’s context and meaning are understood, and they use that knowledge to make certain the data they are responsible for is used properly.

Question 6

Explain Data Processors.

Answer 6

The Data Processor is any organization or person who manipulates, stores, or moves the data on behalf of the data-owner.

Processing is anything that can be done to data:

• copying it
• printing it
• destroying it
• utilizing it

From an international law perspective, the cloud provider is a data processor.

Question 7

What could count as data processing?

Answer 7

Processing is anything that can be done to data:

• copying it
• printing it
• destroying it
• utilizing it

Question 8

Data Processors: What is a essential point to remember about the rights and responsibilities of data ownership and custody?

Answer 8

Data processors do not necessarily all have direct relationships with data owners; processors can be third parties, or even further removed down the supply chain.

Question 9

Data Categorization: Categorization is commonly driven by what kind of 3 factors?

Answer 9

• Regulatory Compliance
• Business Function
• By Project

Question 10

Data Categorization: Explain the impact of regulatory compliance.

Answer 10

Different business activities are governed by different regulations.
The organization may want to create categories based on which regulations or requirements apply to a specific dataset.

This might include the:

• Graham-Leach-Bliley Act (GLBA)
• Payment Card Industry Data Security Standard (PCI DSS)
• Sarbanes-Oxley (SOX)
• Health Insurance Portability and - Accountability Act (HIPAA)
• EU’s General Data Protection Regulation (GDPR)
• or other international, national, state, or local requirements

Question 11

Data Categorization: Explain the impact of business function.

Answer 11

The organization might want to have specific categories for different uses of data. Perhaps the data is tagged based on its use in billing, marketing, or operations; by types ofcustomers; or by some other functional requirement or descriptor.

Question 12

Data Categorization: Explain the impact of By Project.

Answer 12

Some organization might define datasets by the projects they are associated with as means of creating discrete, compartmentalized projects.

Question 13

What is Data Classification?

Answer 13

Much like data categorization, data classification is the responsibility of the data owner and is assigned according to an overall organizational policy based on specific characteristic of a given dataset.

The classification, like the categorization, can take any form defined by the organization and should be uniformly applied.

Question 14

Data Classification: Name three types of classifications?

Answer 14

• Sensitivity
• Jurisdiction
• ## Criticality

Question 15

Data Classification: Explain Sensitivity.

Answer 15

Sensitivity
This is the classification model used by the U.S. military. Data is assigned a classification according to its sensitivity, based on the negative impact an unauthorized disclosure would cause. In models of this kind, classification must be assigned to all data, even in the negative, so material that is not deemed to be sensitive must be assigned the “unclassified” label.

We will discuss labeling shortly.

Question 16

Data Classification: Explain Jurisdiction.

Answer 16

The geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled.

For instance, personally identifiable information (PII) data gathered from citizens of the European Union (EU) is subject to the EU privacy laws, which are much stricter and more comprehensive than privacy laws in the United States.

Question 17

Data Classification: Explain Criticality.

Answer 17

Criticality Data that is deemed critical to organizational survival might be classified in a manner distinct from trivial, basic operational data.

As we know from the previous chapter, the Business Impact Analysis (BIA) helps us determine which material would be classified this way.

Question 18

What is Data Mapping?

Answer 18

Data that is shared organizations (or sometimes even between departments) must be normalized and translated so that it conforms in a way that is meaningful to both parties. This is typically referred to as data mapping.

When used in the context of classification efforts, mapping is necessary so that data that is known as sensitive (and in need of protection) in one system/organization is recognized as such by the receiving system/organization so that those protections can continue.

Without proper mapping efforts, data is classified at a specific level might be exposed to undue risk or threats.

Question 19

Do privacy based regulations now require data mapping?

Answer 19

Yes!

An increasing number of privacy-based regulations now require data mapping. That means you may be legally required to identify data like **Personally identifiable information (PII) **to meet compliance requirements.

Examples of laws that include data mapping requirements include the European Union’s General Data Protection Regulation (GDPR) as well as California’s Consumer Privacy Act of 2018.

Question 20

What is Data Labeling?

Answer 20

When the data owner creates, categorizes, and classifies the data, the data also needs to be labeled.

The label should indicate who the data owner is, usually in terms of the office or role instead of an individual name or identity (because, of course, personnel can change roles within an organization or leave for other organizations).

The label should take whatever form is necessary for it to be enduring, understandable, and consistent; for instance, while labels on data in hard copy might be printed headers and footers, labels on electronic files might be embedded in the filename or added as metadata.

Question 21

What kinds of information could labels include?

Answer 21

• Data of creation
• Date of scheduled destruction/disposal
• Confidentiality level
• Handling directions
• Dissemination/distribution instructions
• Access limitations
• Source
• Jurisdiction
• Applicable regulation

Question 22

Explain Data Flow

Answer 22

In this simplified model, an account is created and data is sent to an analytics platform where everything but the password is used to conduct data analysis and reporting for the organization.

At the same time, key user information is sent to an account renewal system that sends notifications when subscriptions are expiring. If the account is not renewed, the organization will use the canceled account process that removes some data from the active accounts list but is likely to retain things like the UserID and other data in case the subscriber chooses to resubscribe in the future.

Question 23

What are Data Discovery Methods?

Answer 23

Data discovery is a term that can be used to refer to several kinds of tasks: it might mean that the organization is attempting to create that initial inventory of data its owns or that the organization is involved in electronic discovery (e-discovery), the legal term for how electronic evidence is collected as part of an investigation or lawsuit; and it can also mean the modern use of data mining tools to discover trends and relations in the data already in the organization’s inventory.

Question 24

Name 3 Data Discovery Methods?

Answer 24

• Label-Based Discovery
• Metadata-Based Discovery
• Content-Based Discovery

Question 25

What is Label-Based Discovery?

Answer 25

Obviously, the labels created by data owners will greatly aid any data discovery effort. With accurate and sufficient labels, the organization can readily determine what data it controls and what amounts of each kind. This is another reason the habit and process of labeling is so important. Labels can be especially useful when the discovery effort is undertaken in response to a mandate with a specific purpose, such as a court order or a regulatory demand: if all data related to X is required, and all such data is readily labeled, it is easy to select and disclose all the appropriate data, and only the appropriate data.

Question 26

What is Metadata-Based Discovery?

Answer 26

Colloquially referred to as "data about data," metadata is a listing of traits and characteristics about specific data elements or sets. Metadata is often automatically created at the same time as the data, often by the hardware or software used to create the parent data. Data discovery can therefore use metadata in the same way labels might be used; specific fields of the metadata might be scanned for particular terms and all matching data elements collected for a certain purpose. Note Labels are often a type of metadata, so it is important to remember that these discovery methods may overlap.

Question 27

What is Content-Based Discovery?

Answer 27

Even without labels or metadata, discovery tools can be used to locate and identify specific kinds of data by delving into the content of datasets. This technique can be as basic as term searches or can use sophisticated pattern-matching technology.

Question 28

What kind of Data exist?

Answer 28

- Structured Data - Unstructured Data - Sem-Structured Data

Question 29

What is **Structured Data?**

Answer 29

Data that is sorted according to meaningful, discrete types, and attributes, such as data in a relational database, is said to be structured data.

Question 30

What is **Unstructured Data?**

Answer 30

**Unstructured Data** Unsorted data (such as the content of various emails in a user's Sent folder, which could include discussions of any topic or contain all types of content) is considered unstructured data. It is typically much easier to perform data discovery actions on structured data because that data is already situated and arranged.

Question 31

What is **Semi-Structured Data?**

Answer 31

Semi-structured data uses tags or other elements to create fields and records within data without requiring the rigid structure that structured data relies on. Examples of semi-structured data include XML (extensible markup language) and JSON (JavaScript object notation), both of which provide flexible structures that still allow data descriptions.

Question 32

Data Discovery: What kind of challenge does data location cause in the discovery process?

Answer 32

-** Laws and regulations** may limit the types or methods of discovery you can engage in, or what you can do with the data, as well as where and how you can store it. - **technical hurdles** Data location can also create technical hurdles to discovery. If data is stored in unstructured form, or in a service that handles data in ways that make it challenging to conduct discovery, you may have to design around those constraints. **bearing costs** Location can also have a bearing on costs because cloud ingress and egress costs can vary greatly, potentially impacting both where you process data and whether you transfer it or process it in place. It will be far easier to conduct some types of discovery action - **unstructured data** Unstructured data with data embedded inside of it, like freeform text from customers, can require far more complex queries, which is more likely to result in missed data.

Question 33

What are common types of data analytics methods?

Answer 33

- Data Mining - Real Time - Business Intelligence

Question 34

What is Data Mining?

Answer 34

**Data Mining** - The term for the family of activities from which the other options on this list derive. This kind of data analysis is an outgrowth of the possibilities offered by regular use of the cloud, also known as "big data." When the organization has collected various data streams and can run queries across these various feeds, it can detect and analyze previously unknown trends and pattern that can be extremely useful.

Question 35

What is Real-Time Data Analytics?

Answer 35

**Real-Time **- Analytics in some cases, tools can provide data mining functionality concurrently with data creation and use. These tools rely on automation and require efficiency to perform properly.

Question 36

Explain Business Intelligence?

Answer 36

**Business Intelligence** - State-of-the-art data mining involves recursive, iterative tools and processes that can detect trends in trends and identify even more oblique patterns in both historical and recent data.

Question 37

What is Information Rights Management (IRM)?

Answer 37

**Information rights management (IRM)** is used to describe the application of digital rights management tools and techniques to files created by individuals and is typically focused on protecting the information contained in the documents rather than who can watch a movie or play a video game.

Question 38

What are Information Rights Management Objectives?

Answer 38

- Data Rights - Provisioning - Access Models

Question 39

IRM: Explain Data rights.

Answer 39

Data Rights describe the actions that authorized users can take on a given asset and how those rights are: - set - applied - modified - removed Typically rights match those for other file types you are already familiar with: - creating - editing - copying - viewing or accessing - printing - forwarding - deleting - are all things that are commonly controlled by Information Rights Management (IRM) tools. Forwarding may stand out because IRM tools may be applied to email and other communications tools, and you will want to think about IRM as a tool to control data throughout its lifecycle.

Question 40

IRM: Explain Provisioning rights.

Answer 40

Provisioning rights for users in Information Rights Management systems is critical to ensuring that use of IRM does not disrupt the business while still being effective for rights management. Roles and groups need to be created and used in most cases to ensure IRM can be used broadly. Granular permissions and detailed control of rights adds complexity, so security administrators must consider the impact of the rights decisions they make and whether they can be managed on a broad scale via provisioning processes, particularly for new users.

Question 41

IRM: Explain Access Models.

Answer 41

The access models your organization uses for Information Rights Management (IRM) protected files, is a critical part of the design and implementation. If files are provided via a web application, you may need to ensure that protections are in place to prevent copy and paste from the web application, or to prevent screenshots from being used to extract information. If you use file based tools like SharePoint, encrypting the files and ensuring that they are paired with license files that describe what can and cannot be done with them and who can perform those actions will be the route you need to take. Thus, as a test taker, you should consider the access models in use for the data as part of IRM design.

Question 42

IRM: Explain the use of certificates and licenses.

Answer 42

One common method of identifying both users and computers in an Information Rights Management (IRM) system is to issue certificates and licenses. Licenses describe the rights the users have to the content they are attached to, and certificates are used to validate the identity of the user or computer. Using a central certificate management system to issue and revoke certificates, and then providing a way to check the certificate status for every certificate as needed, is a key part of this.

Question 43

Explain IRM Tool Traits:

Answer 43

IRM can be implement in enterprises by manufacturers, vendors, or content creators. Material protected by IRM solutions typically requires labeling or metadata associated with the material in order for the IRM tool to function properly in an automated or semiautomatic fashion. IRM implementations can vary in technological sophistication and technique.

Question 44

IRM: Name some IRM Tool techniques/checks?

Answer 44

- Rudimentary Reference Checks - Online Reference Checks - Local Agent Checks - Support-Based Licensing

Question 45

What are **Rudimentary Reference Checks?**

Answer 45

Rudimentary Reference Checks - The content itself can automatically check for proper usage or ownership. For instance, in many vintage computer games, the game would pause in operation until the player entered some information that could only have been acquired with the purchase of a licensed copy of the game, like a word or a phrase from the manual that shipped with the game.

Question 46

IRM: What are Online Reference Checks?

Answer 46

**Online Reference Checks** - Microsoft software packages, including Windows operating systems and Office programs, are often locked in the same manner, requiring users to enter a product key at installation; the program would then later check the product key against an online database when the system connected to the Internet.

Question 47

# **** IRM: What are Local Agent Checks?

Answer 47

**Local Agent Checks - ** The user installs a reference tool that checks the protected content against the user's license. Again, gaming engines often work this way, with gamers having to download an agent of Steam or GoG.com when installing any games purchased from those distributors; the agents check the user's system against the online license database to ensure the games are not pirated.

Question 48

IRM: What is Support-Based Licensing

Answer 48

**Support-Based Licensing ** Some IRM implementations are predicated on the need for continual support for content; this is particularly true of production software. Licensed software might be allowed ready accesses to updates and patches, while the vendor could prevent unlicensed versions from getting this type of support.

Question 49

IRM: Employing IRM in the cloud rather than in a locally hosted environment can introduce what kind of challenges?

Answer 49

- Replication restrictions - Jurisdictional conflicts - Agent-enterprise conflicts - Mapping Identity and Access Management (IAM) and IRM - API Conflicts

Question 50

Employing IRM in the Cloud: Explain the problem of Replication restrictions?

Answer 50

**Replication restrictions** Because IRM often involves preventing unauthorized duplication, and the cloud necessitates creating, closing and replicating virtualized host instances (including user-specific content sored locally on the virtual host), IRM might interfere with automatic resource allocation processes.

Question 51

Employing IRM in the Cloud: Explain the problem of Jurisdictional conflicts?

Answer 51

The cloud extends across boundaries and borders, which can pose problems when intellectual property rights are restricted by locale.

Question 52

Employing IRM in the Cloud: Explain the problem of Agent-enterprise conflicts?

Answer 52

IRM solutions that require local installation of software agents for enforcement purposes might not always function properly in the cloud environment, with virtualization engines, or with the various platforms used in a bring your own device (BYOD) enterprise.

Question 53

Employing IRM in the Cloud: Explain the problem of Mapping Identity and Access Management (IAM) and IRM?

Answer 53

Because of the extra layer of access control (often involving content-specific access control lists, or ACLs) the IRM IAM processes might conflict or not work properly with the enterprise/cloud IAM. A conflict is even more possible when cloud IAM functions are outsourced to a third party, such as a cloud access security broker (CASB).**

Question 54

Employing IRM in the Cloud: Explain the problem of API conflicts?

Answer 54

Because the IRM tool is often incorporated into the content, usage of the material might not offer the same level of performance across different applications, such as content readers or media players.

Question 55

IRM: What functions should IRM provide regardless of type of content or format?

Answer 55

- Persistent Protection - Dynamic Policy Control - Automatic Expiration - Continuous Auditing - Replication Restrictions - Remote Rights Revocation

Question 56

Functions of IRM: Explain **Persistent Protection**

Answer 56

The IRM should follow the content it protects, regardless of where that content is located, whether it is a duplicate copy or the original file, or how it is being utilized. This protection should not be easy to circumvent.

Question 57

Functions of IRM: Explain **Dynamic Policy Control**

Answer 57

The IRM tool should allow content creators and data owners to modify the Access Control Lists (ACLs) and permissions for the protected data under their control.

Question 58

Functions of IRM: Explain **Automatic Expiration**

Answer 58

The IRM protections should cease when the legal protections cease. Conversely, licenses also expire, access and permissions for protected content should likewise expire, no matter where that content exists at the end of the license period.

Question 59

Functions of IRM: Explain **Continuous Auditing**

Answer 59

The IRL should allow for comprehensive monitoring of the content's use and access history.

Question 60

Functions of IRM: Explain **Replication Restrictions**

Answer 60

Much of the purpose of IRM is to restrict illegal or unauthorized duplication of protected content. Therefore, IRM solutions should enforce these restrictions across the many forms of copying that exist, to include screen-scraping, printing, electronic duplication, email attachments, and so on.

Question 61

Functions of IRM: Explain **Remote Rights Revocation**

Answer 61

The owner of the rights to specific intellectual property should have the ability to revoke those rights at any time; this capability might be used as a result of litigation or infringement.

Question 62

What need Data retention policies address?

Answer 62

- Retention Periods - Regulations and Compliance - Data Classification - Retention - Data Deletion - Archiving and Retrieval Procedures and Mechanisms

Question 63

What are Data - Retention Periods?

Answer 63

The retention period is the length of time the organization should keep data. This usually refers to data that is being archived for long-term storage - that is, data not currently being used in the production environment. The retention period is often expressed in a number of days for ephemeral data like logs and in years for business data or data that is required to be retained for legal or regulatory reasons. Data retention periods can also be mandated or modified by contractual agreements.

Question 64

**Data Retention Policy: ** What is the impact of **Regulations** and **Compliance**?

Answer 64

The retention period can be mandated by statute or contract; the retention policy should refer to all applicable regulatory guidance. This is especially true in cases where there is conflicting regulation; the policy should reflect management's decision for how to approach and resolve this conflict with the policy as an appropriate mechanism. For instance, laws may impose different retention periods for specific kinds of data, and the organization might operate in states or countries with differing mandated retention periods.

Question 65

Data Retention Policy: What is the impact of Data classification in regards to retention?

Answer 65

Highly sensitive or regulated data may entail specific retention periods, by mandate or contract or best practice. The organization can use the classification level of data to determine how long specific datasets or types of data need to be retained.

Question 66

Data Retention Policy: What should the retention policy specify?

Answer 66

The policy should specify requirements for how the data is actually archived if there are requirements that need to be met for specific types of data. For example, some types of data are required by regulation to be kept encrypted while in storage. In these cases, the policy should include a description of the encryption requirements.

Question 67

Data Retention Policy: Describe how data is deleted and what you need to keep in mind of.

Answer 67

Once data hits the end of its retention period, it must be properly disposed of. While we will dive into the specifics of data deletion in a few pages, the policy and mechanisms that policy drives are important here to ensure that data is properly disposed of. Policies for deletion should specify who will delete data and what the requirements for deletion are and typically point to procedure documentation that provides guidance on how to ensure secure deletion occurs and is validated. In addition, data deletion policies and procedures need to take compliance and legal requirements into account. That may include requirements due to legal holds, industry compliance requirements that set a fixed retention or disposal period, or requirements that require customer data to be deleted when requested.

Question 68

Data Retention Policy: Describe Archiving and Retrieval Procedures and Mechanisms.

Answer 68

The policy should mandate the creation of a detailed description of the processes both for sending data into storage and for recovering it, as well as periodic testing of both archiving and retrieval capabilities. The detailed processes might be included as an attachment to the policy or mentioned by reference to the actual documentation for the processes; the processes might require more frequent updates and editing than the policy and should be kept separate - in most organizations, procedures are far more easily updated than policies!

Question 69

What is a critical part of archiving and retrieval process?

Answer 69

Backups are great, but backups you haven't tested aren't. All too often organizations don't practice recovery from backup and are unprepared for situations where recovery is necessary and recovery efforts are hampered or fail because the backups aren't working properly. **Testing backups on a regular basis is a critical part of archiving and retrieval processes.**

Question 70

Data Retention Policy: How should the data retention policy be monitored and enforced?

Answer 70

As with all policies in the organization, the policy should list, in detail, how often it will be reviewed and amended, by whom, consequences for failure to adhere to the policy, and which entity within the organization is responsible for enforcement.

Question 71

Data Retention Policy: What impact have Legal Holds on the organizations retention policy?

Answer 71

In addition to organizational and regulatory needs for data retention, legal holds are also a driver for retention processes and may require deviation from the organization's normal practices for data retention and destruction. A legal hold occurs when an organization is notified that either: a.) a law enforcement or regulatory entity is commencing an investigation or b.) a private entity is commencing litigation against the organization

Question 72

Data Retention Policy in the Cloud: What do you need to consider in contractual negotions with the cloud provider?

Answer 72

When considering cloud migration, and during negotiations with potential cloud providers, the organization should make a point of ensuring the provider can support the organization's retention policy and that it understands what is actually happening when it uses the cloud service.

Question 73

Archving data in cloud services: What do you need to consider when archiving data in the cloud?

Answer 73

Archiving data in cloud services may also introduce additional complexity due to the variety of services you can use as part of the archiving process. Organizations using Amazon's S3 for storage may want to archive to a service like Glacier, which is much cheaper for long-term, low-access rate storage. Decisions like that involve both design practices that understand usage and access models and policy that determines how long data should be available and when it will be disposed of.

Question 74

# 1. Data Retention Policy: What are additional concerns when it comes to data deletion in the cloud?

Answer 74

Deletion can also create additional concerns in the cloud. You need to understand both your cloud provider removes data that is deleted and what common activities like deprovisioning systems or services mean to your deletion process. While many cloud providers have technology in place that ensures that remnant data will not be accessible to the next user of the underlying infrastructure, remnant data has been recoverable in some cases in the past.

Question 75

Data Audit and Audit Mechanisms: What items need to be described in a data audit policy?

Answer 75

- Audit periods - Audit scope - Audit responsibilities (internal and/or external) - Audit processes and procedures - Applicable regulations - Monitoring, maintenance, and enforcement

Question 76

What is the most important thing when it comes to audits?

Answer 76

As with all types of audits, the organization should particularly careful about ensuring that auditors do not report to anyone in the management structure that owns or is affected by the data being audited; conflicts of interest must be avoided for the audits to have **validity** and **utility**.

Question 77

What 4 challenges can arise if you analyze logs?

Answer 77

- Log review and analysis is not often a priority - Log review is mundane and repetitive - The reviewer needs to have an understanding of the operation - Logging can be expensive

Question 78

What are the three specific areas for audit mechanisms planning and implementation in cloud environments?

Answer 78

- Log collection - Log Correlation - Packet Capture

Question 79

What advantages and challenges arise in log collection?

Answer 79

The first component of audit mechanism design you will need to consider for the CCSP exam is log collection. Log collection in cloud environments for auditing purposes has both advantages and challenges. Many cloud service providers have native log collection tools that can be enabled or are automatically available that can make logging activities easier to tackle. At the same time, multi-cloud, SaaS, and hybrid cloud and on-premises environments can make log collection more difficult. As you plan for auditing, carefully consider the impact that your organization's cloud service selection and design may have on your ability to collect and access logs.

Question 80

Explain Log Correlation:

Answer 80

Simply collecting logs isn't enough, you still need to do something with them. That is where correlation comes in, and where even more challenges start to pop up. Correlation may be easier in a single cloud environment with built-in or third-party tools, but organizations that need to correlate logs between multiple cloud vendors, or between on-premises and cloud environments, can face additional challenges. Fortunately, modern security information and event management (SIEM) tools and other security platforms have ingestion and correlation tools that can help.

Question 81

What is an important step in setting up a logging environment for auditing?

Answer 81

While it may seem obvious, ensuring that the time stamps between your services are accurate and are properly interpreted ais an important step in setting up a logging environment for auditing. Something as simple as having the wrong time zone or not having the accurate time can cause events to not be correlated or to be incorrectly correlated, sending security practitioners chasing ghosts!

Question 82

Auditing Cloud: Explain Packet Capture.

Answer 82

Auditing cloud and on-premises systems can require packet capture to validate traffic flows, but it may also be used for other purposes during assessments. Cloud environments can make packet capture far more difficult - or even impossible - and security practitioners need to consider the architectural, technical, and contractual limits that cloud service providers may have in place before assuming that packet capture will be feasible. In general, packet capture is not available in most SaaS or PaaS environments without direct vendor involvement, and that level of involvement is rare because the underlying service layers aren't designed for customers to see the traffic between services.

Question 83

Data Destruction: How do you destruct data in the on-premise scenario?

Answer 83

- Physical Destruction of Media and Hardware - Degaussing - Overwriting - Crypto-Shredding (Cryptographic Erasure)

Question 84

What are ways to physical destruct media and hardware?

Answer 84

Any hardware or portable media containing the data in question can be destroyed by: - burning - melting - impact (beating, drilling, grinding, and so forth) - industrial shredding This is often the preferred method of sanitization since the data is physically unrecoverable.

Question 85

What is Degaussing?

Answer 85

This involves applying strong magnetic fields to the hardware and media where the data resides, effectively making them blank. It does not work with solid-state drives like SSDs, flash media, and USB thumb drives.

Question 86

Data Destruction: What is overwriting?

Answer 86

When media needs to be reused, overwriting is one option to allow data to be destroyed while leaving the media intact. Overwriting uses multiple passes of random characters written to the location where data resides, or may simply write zeroes - a process called zeroization. This can be extremely time-consuming for large devices and is also not an effective technique for solid-state drives, which are resistant to overwriting, and may result in remnant data.

Question 87

What is **Crypto-Shredding** or **Cryptographic Erasure**?

Answer 87

This involves encrypting the data with a strong encryption engine and then taking the keys generated in that process, encrypting them with a different encryption engine, and destroying the resulting keys of the second round of encryption. Crypto-shredding is considered a better solution than overwriting because data that is encrypted from the beginning of its lifecycle and then shredded cannot be recovered even if remnant data remains. The primary downfall of crypto-shredding is due to the CPU and performance overhead of encrypting and decrypting files.

Question 88

Cloud Data Destruction: How do you destruct data in the cloud?

Answer 88

That leaves crypto-shredding as the sole pragmatic solution for data disposal in the cloud. Crypto-shredding can require time to complete, with time varying based on the size of the volume and technology used. In general, since **crypto-shredding** is part of a data, device, or system lifecycle, the speed of the shredding process is not a significant obstacle to its use.

Question 89

Why is physical destruction in the cloud scenario usually not an option?

Answer 89

Because the cloud provider, not the data owner, owns the hardware, physical destruction is usually out of the question unless there is specific contractual coverage for dedicated hardware and disposal, which is quite costly. In addition, because of the difficulty of knowing the actual specific physical locations of the data at any given moment (or historically), it would be next to impossible to determine all the components and media that would need to be destroyed. In a multitenant environment like a public cloud, a customer cannot physically destroy or overwrite storage space or media, as that would affect other customer's data.

Question 90

What 3 things need to be described in detail in a data disposal policy?

Answer 90

This policy should include detailed description of the following: - The process for data disposal - Applicable regulations - Clear direction of when data should be destroyed.

Question 91

Can Crypto-Shredding/Crytographic Erasure leave remnant data?

Answer 91

If crypto-shredding is performed correctly, there should be no remanence, however, material that is somehow not included in the original encryption (say, a virtual instance that was offline during the encryption process, then added to the cloud environment) might be considered remanence. As in all cryptographic practices, proper implementation is essential for success.