Data Classification Flashcards

1
Q

Name 4 Terms and Roles of Data Ownership

A
  • Data Owner - Data Controller
  • Data Custodian
  • Data Stewards
  • Data Processor
2
Q

Explain Data Controller:

A

The data owner is the organization that has collected or created the data, in general terms.
Within the organization, we often assign a specific data owner as being the individual with rights and responsibilities for that data; this is usually the department head or business unit manager for the office that has created or collected a certain dataset.

From a cloud perspective, the cloud customer is usually the data owner. Many international treaties and frameworks refer to the data owner as the data controller.

3
Q

Data Owners: What is the essential point about rights and responsibilities?

A

Data owners remain legally responsible for all data they own. This is true even if data is compromised by a data processor several times removed from the data owner.

4
Q

What is a Data Custodian?

A

The data custodian is any person or entity that is tasked with the daily maintenance and administration of the data. The custodian also has the role of applying the proper security controls and processes as directed by the data owner.

Within an organization, the custodian might be a database administrator.

5
Q

Explain Data Stewards.

A

Data stewards are tasked with ensuring that the data’s context and meaning are understood, and they use that knowledge to make certain the data they are responsible for is used properly.

6
Q

Explain Data Processors.

A

The data processor is any organization or person who manipulates, stores, or moves the data on behalf of the data owner.

Processing is anything that can be done to data:

  • copying it
  • printing it
  • destroying it
  • utilizing it

From an international law perspective, the cloud provider is a data processor.

7
Q

What could count as data processing?

A

Processing is anything that can be done to data:

  • copying it
  • printing it
  • destroying it
  • utilizing it
8
Q

Data Processors: What is an essential point to remember about the rights and responsibilities of data ownership and custody?

A

Data processors do not necessarily all have direct relationships with data owners; processors can be third parties, or even further removed down the supply chain.

9
Q

Data Categorization: Categorization is commonly driven by what 3 factors?

A
  • Regulatory Compliance
  • Business Function
  • By Project
10
Q

Data Categorization: Explain the impact of regulatory compliance.

A

Different business activities are governed by different regulations.
The organization may want to create categories based on which regulations or requirements apply to a specific dataset.

This might include the:

  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • EU’s General Data Protection Regulation (GDPR)
  • or other international, national, state, or local requirements
11
Q

Data Categorization: Explain the impact of business function.

A

The organization might want to have specific categories for different uses of data. Perhaps the data is tagged based on its use in billing, marketing, or operations; by types of customers; or by some other functional requirement or descriptor.

12
Q

Data Categorization: Explain the impact of categorizing by project.

A

Some organizations might define datasets by the projects they are associated with as a means of creating discrete, compartmentalized projects.

13
Q

What is Data Classification?

A

Much like data categorization, data classification is the responsibility of the data owner and is assigned according to an overall organizational policy based on specific characteristics of a given dataset.

The classification, like the categorization, can take any form defined by the organization and should be uniformly applied.

14
Q

Data Classification: Name three types of classification.

A
  • Sensitivity
  • Jurisdiction
  • Criticality
15
Q

Data Classification: Explain Sensitivity.

A

Sensitivity - This is the classification model used by the U.S. military. Data is assigned a classification according to its sensitivity, based on the negative impact an unauthorized disclosure would cause. In models of this kind, classification must be assigned to all data, even in the negative, so material that is not deemed to be sensitive must be assigned the “unclassified” label.

We will discuss labeling shortly.

16
Q

Data Classification: Explain Jurisdiction.

A

The geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled.

For instance, personally identifiable information (PII) data gathered from citizens of the European Union (EU) is subject to the EU privacy laws, which are much stricter and more comprehensive than privacy laws in the United States.

17
Q

Data Classification: Explain Criticality.

A

Criticality - Data that is deemed critical to organizational survival might be classified in a manner distinct from trivial, basic operational data.

As we know from the previous chapter, the Business Impact Analysis (BIA) helps us determine which material would be classified this way.

18
Q

What is Data Mapping?

A

Data that is shared between organizations (or sometimes even between departments) must be normalized and translated so that it conforms in a way that is meaningful to both parties. This is typically referred to as data mapping.

When used in the context of classification efforts, mapping is necessary so that data that is known as sensitive (and in need of protection) in one system/organization is recognized as such by the receiving system/organization so that those protections can continue.

Without proper mapping efforts, data that is classified at a specific level might be exposed to undue risk or threats.

19
Q

Do privacy-based regulations now require data mapping?

A

Yes!

An increasing number of privacy-based regulations now require data mapping. That means you may be legally required to identify data like **personally identifiable information (PII)** to meet compliance requirements.

Examples of laws that include data mapping requirements include the European Union’s General Data Protection Regulation (GDPR) as well as California’s Consumer Privacy Act of 2018.

20
Q

What is Data Labeling?

A

When the data owner creates, categorizes, and classifies the data, the data also needs to be labeled.

The label should indicate who the data owner is, usually in terms of the office or role instead of an individual name or identity (because, of course, personnel can change roles within an organization or leave for other organizations).

The label should take whatever form is necessary for it to be enduring, understandable, and consistent; for instance, while labels on data in hard copy might be printed headers and footers, labels on electronic files might be embedded in the filename or added as metadata.

21
Q

What kinds of information could labels include?

A
  • Date of creation
  • Date of scheduled destruction/disposal
  • Confidentiality level
  • Handling directions
  • Dissemination/distribution instructions
  • Access limitations
  • Source
  • Jurisdiction
  • Applicable regulation
22
Q

Explain Data Flow

A

In this simplified model, an account is created and data is sent to an analytics platform where everything but the password is used to conduct data analysis and reporting for the organization.

At the same time, key user information is sent to an account renewal system that sends notifications when subscriptions are expiring. If the account is not renewed, the organization will use the canceled account process that removes some data from the active accounts list but is likely to retain things like the UserID and other data in case the subscriber chooses to resubscribe in the future.

23
Q

What are Data Discovery Methods?

A

Data discovery is a term that can be used to refer to several kinds of tasks. It might mean that the organization is attempting to create the initial inventory of data it owns, or that the organization is involved in electronic discovery (e-discovery), the legal term for how electronic evidence is collected as part of an investigation or lawsuit. It can also mean the modern use of data mining tools to discover trends and relations in the data already in the organization’s inventory.

24
Q

Name 3 Data Discovery Methods.

A
  • Label-Based Discovery
  • Metadata-Based Discovery
  • Content-Based Discovery
25
Q

What is Label-Based Discovery?

A

Obviously, the labels created by data owners will greatly aid any data discovery effort. With accurate and sufficient labels, the organization can readily determine what data it controls and what amounts of each kind.

This is another reason the habit and process of labeling is so important.

Labels can be especially useful when the discovery effort is undertaken in response to a mandate with a specific purpose, such as a court order or a regulatory demand: if all data related to X is required, and all such data is readily labeled, it is easy to select and disclose all the appropriate data, and only the appropriate data.

26
Q

What is Metadata-Based Discovery?

A

Colloquially referred to as “data about data,” metadata is a listing of traits and characteristics about specific data elements or sets.

Metadata is often automatically created at the same time as the data, often by the hardware or software used to create the parent data.

Data discovery can therefore use metadata in the same way labels might be used; specific fields of the metadata might be scanned for particular terms and all matching data elements collected for a certain purpose.

Note
Labels are often a type of metadata, so it is important to remember that these discovery methods may overlap.

27
Q

What is Content-Based Discovery?

A

Even without labels or metadata, discovery tools can be used to locate and identify specific kinds of data by delving into the content of datasets. This technique can be as basic as term searches or can use sophisticated pattern-matching technology.

28
Q

What kinds of data exist?

A
  • Structured Data
  • Unstructured Data
  • Semi-Structured Data
29
Q

What is Structured Data?

A

Data that is sorted according to meaningful, discrete types and attributes, such as data in a relational database, is said to be structured data.

30
Q

What is Unstructured Data?

A

Unstructured Data - Unsorted data (such as the content of various emails in a user’s Sent folder, which could include discussions of any topic or contain all types of content) is considered unstructured data.

It is typically much easier to perform data discovery actions on structured data because that data is already situated and arranged.

31
Q

What is Semi-Structured Data?

A

Semi-structured data uses tags or other elements to create fields and records within data without requiring the rigid structure that structured data relies on.

Examples of semi-structured data include XML (extensible markup language) and JSON (JavaScript object notation), both of which provide flexible structures that still allow data descriptions.

32
Q

Data Discovery: What kind of challenge does data location cause in the discovery process?

A

  • Laws and regulations
    Laws and regulations may limit the types or methods of discovery you can engage in, or what you can do with the data, as well as where and how you can store it.

  • Technical hurdles
    Data location can also create technical hurdles to discovery. If data is stored in unstructured form, or in a service that handles data in ways that make it challenging to conduct discovery, you may have to design around those constraints.

  • Bearing on costs
    Location can also have a bearing on costs because cloud ingress and egress costs can vary greatly, potentially impacting both where you process data and whether you transfer it or process it in place.

It will be far easier to conduct some types of discovery action

  • Unstructured data
    Unstructured data with data embedded inside of it, like freeform text from customers, can require far more complex queries, which is more likely to result in missed data.
33
Q

What are common types of data analytics methods?

A
  • Data Mining
  • Real Time
  • Business Intelligence
34
Q

What is Data Mining?

A

Data Mining - The term for the family of activities from which the other options on this list derive. This kind of data analysis is an outgrowth of the possibilities offered by regular use of the cloud, also known as “big data.”

When the organization has collected various data streams and can run queries across these various feeds, it can detect and analyze previously unknown trends and patterns that can be extremely useful.

35
Q

What is Real-Time Data Analytics?

A

Real-Time Analytics - In some cases, tools can provide data mining functionality concurrently with data creation and use. These tools rely on automation and require efficiency to perform properly.

36
Q

Explain Business Intelligence?

A

Business Intelligence - State-of-the-art data mining involves recursive, iterative tools and processes that can detect trends in trends and identify even more oblique patterns in both historical and recent data.

37
Q

What is Information Rights Management (IRM)?

A

Information rights management (IRM) is used to describe the application of digital rights management tools and techniques to files created by individuals and is typically focused on protecting the information contained in the documents rather than who can watch a movie or play a video game.

38
Q

What are Information Rights Management Objectives?

A
  • Data Rights
  • Provisioning
  • Access Models
39
Q

IRM: Explain Data rights.

A

Data Rights describe the actions that authorized users can take on a given asset and how those rights are:

  • set
  • applied
  • modified
  • removed

Typically rights match those for other file types you are already familiar with:

  • creating
  • editing
  • copying
  • viewing or accessing
  • printing
  • forwarding
  • deleting

These are all things that are commonly controlled by Information Rights Management (IRM) tools.

Forwarding may stand out because IRM tools may be applied to email and other communications tools, and you will want to think about IRM as a tool to control data throughout its lifecycle.

40
Q

IRM: Explain Provisioning rights.

A

Provisioning rights for users in Information Rights Management systems is critical to ensuring that use of IRM does not disrupt the business while still being effective for rights management.

Roles and groups need to be created and used in most cases to ensure IRM can be used broadly.

Granular permissions and detailed control of rights adds complexity, so security administrators must consider the impact of the rights decisions they make and whether they can be managed on a broad scale via provisioning processes, particularly for new users.

41
Q

IRM: Explain Access Models.

A

The access models your organization uses for Information Rights Management (IRM) protected files are a critical part of the design and implementation.

If files are provided via a web application, you may need to ensure that protections are in place to prevent copy and paste from the web application, or to prevent screenshots from being used to extract information.

If you use file-based tools like SharePoint, encrypting the files and ensuring that they are paired with license files that describe what can and cannot be done with them and who can perform those actions will be the route you need to take. Thus, as a test taker, you should consider the access models in use for the data as part of IRM design.

42
Q

IRM: Explain the use of certificates and licenses.

A

One common method of identifying both users and computers in an Information Rights Management (IRM) system is to issue certificates and licenses. Licenses describe the rights the users have to the content they are attached to, and certificates are used to validate the identity of the user or computer.

Using a central certificate management system to issue and revoke certificates, and then providing a way to check the certificate status for every certificate as needed, is a key part of this.

43
Q

Explain IRM Tool Traits:

A

IRM can be implemented in enterprises by manufacturers, vendors, or content creators.

Material protected by IRM solutions typically requires labeling or metadata associated with the material in order for the IRM tool to function properly in an automated or semiautomatic fashion.

IRM implementations can vary in technological sophistication and technique.

44
Q

IRM: Name some IRM Tool techniques/checks?

A
  • Rudimentary Reference Checks
  • Online Reference Checks
  • Local Agent Checks
  • Support-Based Licensing
45
Q

What are Rudimentary Reference Checks?

A

Rudimentary Reference Checks - The content itself can automatically check for proper usage or ownership.

For instance, in many vintage computer games, the game would pause in operation until the player entered some information that could only have been acquired with the purchase of a licensed copy of the game, like a word or a phrase from the manual that shipped with the game.

46
Q

IRM: What are Online Reference Checks?

A

Online Reference Checks - Microsoft software packages, including Windows operating systems and Office programs, are often locked in the same manner, requiring users to enter a product key at installation; the program would then later check the product key against an online database when the system connected to the Internet.

47
Q

IRM: What are Local Agent Checks?

A

Local Agent Checks - The user installs a reference tool that checks the protected content against the user’s license.

Again, gaming engines often work this way, with gamers having to download an agent from Steam or GoG.com when installing any games purchased from those distributors; the agents check the user’s system against the online license database to ensure the games are not pirated.

48
Q

IRM: What is Support-Based Licensing

A

Support-Based Licensing - Some IRM implementations are predicated on the need for continual support for content; this is particularly true of production software.

Licensed software might be allowed ready access to updates and patches, while the vendor could prevent unlicensed versions from getting this type of support.

49
Q

IRM: Employing IRM in the cloud rather than in a locally hosted environment can introduce what kind of challenges?

A
  • Replication restrictions
  • Jurisdictional conflicts
  • Agent-enterprise conflicts
  • Mapping Identity and Access Management (IAM) and IRM
  • API Conflicts
50
Q

Employing IRM in the Cloud: Explain the problem of Replication restrictions?

A

Replication restrictions - Because IRM often involves preventing unauthorized duplication, and the cloud necessitates creating, closing, and replicating virtualized host instances (including user-specific content stored locally on the virtual host), IRM might interfere with automatic resource allocation processes.

51
Q

Employing IRM in the Cloud: Explain the problem of Jurisdictional conflicts?

A

The cloud extends across boundaries and borders, which can pose problems when intellectual property rights are restricted by locale.

52
Q

Employing IRM in the Cloud: Explain the problem of Agent-enterprise conflicts?

A

IRM solutions that require local installation of software agents for enforcement purposes might not always function properly in the cloud environment, with virtualization engines, or with the various platforms used in a bring your own device (BYOD) enterprise.

53
Q

Employing IRM in the Cloud: Explain the problem of Mapping Identity and Access Management (IAM) and IRM?

A

Because of the extra layer of access control (often involving content-specific access control lists, or ACLs) the IRM IAM processes might conflict or not work properly with the enterprise/cloud IAM.

A conflict is even more possible when cloud IAM functions are outsourced to a third party, such as a cloud access security broker (CASB).

54
Q

Employing IRM in the Cloud: Explain the problem of API conflicts?

A

Because the IRM tool is often incorporated into the content, usage of the material might not offer the same level of performance across different applications, such as content readers or media players.

55
Q

IRM: What functions should IRM provide regardless of type of content or format?

A
  • Persistent Protection
  • Dynamic Policy Control
  • Automatic Expiration
  • Continuous Auditing
  • Replication Restrictions
  • Remote Rights Revocation
56
Q

Functions of IRM: Explain Persistent Protection

A

The IRM should follow the content it protects, regardless of where that content is located, whether it is a duplicate copy or the original file, or how it is being utilized. This protection should not be easy to circumvent.

57
Q

Functions of IRM: Explain Dynamic Policy Control

A

The IRM tool should allow content creators and data owners to modify the Access Control Lists (ACLs) and permissions for the protected data under their control.

58
Q

Functions of IRM: Explain Automatic Expiration

A

The IRM protections should cease when the legal protections cease. Likewise, licenses also expire; access and permissions for protected content should expire with them, no matter where that content exists at the end of the license period.

59
Q

Functions of IRM: Explain Continuous Auditing

A

The IRM should allow for comprehensive monitoring of the content’s use and access history.

60
Q

Functions of IRM: Explain Replication Restrictions

A

Much of the purpose of IRM is to restrict illegal or unauthorized duplication of protected content.

Therefore, IRM solutions should enforce these restrictions across the many forms of copying that exist, to include screen-scraping, printing, electronic duplication, email attachments, and so on.

61
Q

Functions of IRM: Explain Remote Rights Revocation

A

The owner of the rights to specific intellectual property should have the ability to revoke those rights at any time; this capability might be used as a result of litigation or infringement.

62
Q

What do data retention policies need to address?

A
  • Retention Periods
  • Regulations and Compliance
  • Data Classification
  • Retention
  • Data Deletion
  • Archiving and Retrieval Procedures and Mechanisms
63
Q

What are Data Retention Periods?

A

The retention period is the length of time the organization should keep data.

This usually refers to data that is being archived for long-term storage - that is, data not currently being used in the production environment.
The retention period is often expressed in a number of days for ephemeral data like logs and in years for business data or data that is required to be retained for legal or regulatory reasons.

Data retention periods can also be mandated or modified by contractual agreements.

64
Q

Data Retention Policy:
What is the impact of Regulations and Compliance?

A

The retention period can be mandated by statute or contract; the retention policy should refer to all applicable regulatory guidance.

This is especially true in cases where there is conflicting regulation; the policy should reflect management’s decision on how to approach and resolve the conflict, with the policy serving as the mechanism for doing so.

For instance, laws may impose different retention periods for specific kinds of data, and the organization might operate in states or countries with differing mandated retention periods.

65
Q

Data Retention Policy:
What is the impact of Data classification in regards to retention?

A

Highly sensitive or regulated data may entail specific retention periods, by mandate or contract or best practice.

The organization can use the classification level of data to determine how long specific datasets or types of data need to be retained.

66
Q

Data Retention Policy:
What should the retention policy specify?

A

The policy should specify requirements for how the data is actually archived if there are requirements that need to be met for specific types of data.

For example, some types of data are required by regulation to be kept encrypted while in storage.

In these cases, the policy should include a description of the encryption requirements.

67
Q

Data Retention Policy:
Describe how data is deleted and what you need to keep in mind.

A

Once data hits the end of its retention period, it must be properly disposed of.

While we will dive into the specifics of data deletion in a few pages, the policy and mechanisms that policy drives are important here to ensure that data is properly disposed of.

Policies for deletion should specify who will delete data and what the requirements for deletion are and typically point to procedure documentation that provides guidance on how to ensure secure deletion occurs and is validated.

In addition, data deletion policies and procedures need to take compliance and legal requirements into account. That may include requirements due to legal holds, industry compliance requirements that set a fixed retention or disposal period, or requirements that require customer data to be deleted when requested.

68
Q

Data Retention Policy: Describe Archiving and Retrieval Procedures and Mechanisms.

A

The policy should mandate the creation of a detailed description of the processes both for sending data into storage and for recovering it, as well as periodic testing of both archiving and retrieval capabilities.

The detailed processes might be included as an attachment to the policy or mentioned by reference to the actual documentation for the processes; the processes might require more frequent updates and editing than the policy and should be kept separate - in most organizations, procedures are far more easily updated than policies!

69
Q

What is a critical part of the archiving and retrieval process?

A

Backups are great, but backups you haven’t tested aren’t. All too often organizations don’t practice recovery from backup and are unprepared for situations where recovery is necessary and recovery efforts are hampered or fail because the backups aren’t working properly.

Testing backups on a regular basis is a critical part of archiving and retrieval processes.

70
Q

Data Retention Policy:
How should the data retention policy be monitored and enforced?

A

As with all policies in the organization, the policy should list, in detail, how often it will be reviewed and amended, by whom, consequences for failure to adhere to the policy, and which entity within the organization is responsible for enforcement.

71
Q

Data Retention Policy:
What impact do legal holds have on the organization’s retention policy?

A

In addition to organizational and regulatory needs for data retention, legal holds are also a driver for retention processes and may require deviation from the organization’s normal practices for data retention and destruction.

A legal hold occurs when an organization is notified that either:

a.) a law enforcement or regulatory entity is commencing an investigation
or
b.) a private entity is commencing litigation against the organization

72
Q

Data Retention Policy in the Cloud:
What do you need to consider in contractual negotiations with the cloud provider?

A

When considering cloud migration, and during negotiations with potential cloud providers, the organization should make a point of ensuring the provider can support the organization’s retention policy and that it understands what is actually happening when it uses the cloud service.

73
Q

Archiving data in cloud services:

What do you need to consider when archiving data in the cloud?

A

Archiving data in cloud services may also introduce additional complexity due to the variety of services you can use as part of the archiving process.

Organizations using Amazon’s S3 for storage may want to archive to a service like Glacier, which is much cheaper for long-term, low-access rate storage. Decisions like that involve both design practices that understand usage and access models and policy that determines how long data should be available and when it will be disposed of.

74
Q

Data Retention Policy:
What are additional concerns when it comes to data deletion in the cloud?

A

Deletion can also create additional concerns in the cloud.
You need to understand both how your cloud provider removes data that is deleted and what common activities like deprovisioning systems or services mean for your deletion process.

While many cloud providers have technology in place that ensures that remnant data will not be accessible to the next user of the underlying infrastructure, remnant data has been recoverable in some cases in the past.

75
Q

Data Audit and Audit Mechanisms:

What items need to be described in a data audit policy?

A
  • Audit periods
  • Audit scope
  • Audit responsibilities (internal and/or external)
  • Audit processes and procedures
  • Applicable regulations
  • Monitoring, maintenance, and enforcement
76
Q

What is the most important thing when it comes to audits?

A

As with all types of audits, the organization should be particularly careful about ensuring that auditors do not report to anyone in the management structure that owns or is affected by the data being audited; conflicts of interest must be avoided for the audits to have validity and utility.

77
Q

What 4 challenges can arise when analyzing logs?

A
  • Log review and analysis is often not a priority
  • Log review is mundane and repetitive
  • The reviewer needs to have an understanding of the operation
  • Logging can be expensive

78
Q

What are the three specific areas for audit mechanisms planning and implementation in cloud environments?

A
  • Log collection
  • Log correlation
  • Packet capture

79
Q

What advantages and challenges arise in log collection?

A

The first component of audit mechanism design you will need to consider for the CCSP exam is log collection.

Log collection in cloud environments for auditing purposes has both advantages and challenges. Many cloud service providers have native log collection tools that can be enabled or are automatically available that can make logging activities easier to tackle.

At the same time, multi-cloud, SaaS, and hybrid cloud and on-premises environments can make log collection more difficult.

As you plan for auditing, carefully consider the impact that your organization’s cloud service selection and design may have on your ability to collect and access logs.

80
Q

Explain Log Correlation:

A

Simply collecting logs isn’t enough; you still need to do something with them.

That is where correlation comes in, and where even more challenges start to pop up. Correlation may be easier in a single cloud environment with built-in or third-party tools, but organizations that need to correlate logs between multiple cloud vendors, or between on-premises and cloud environments, can face additional challenges.

Fortunately, modern security information and event management (SIEM) tools and other security platforms have ingestion and correlation tools that can help.

81
Q

What is an important step in setting up a logging environment for auditing?

A

While it may seem obvious, ensuring that the time stamps between your services are accurate and are properly interpreted is an important step in setting up a logging environment for auditing.

Something as simple as having the wrong time zone or not having the accurate time can cause events to not be correlated or to be incorrectly correlated, sending security practitioners chasing ghosts!

82
Q

Auditing Cloud: Explain Packet Capture.

A

Auditing cloud and on-premises systems can require packet capture to validate traffic flows, but it may also be used for other purposes during assessments.

Cloud environments can make packet capture far more difficult - or even impossible - and security practitioners need to consider the architectural, technical, and contractual limits that cloud service providers may have in place before assuming that packet capture will be feasible.

In general, packet capture is not available in most SaaS or PaaS environments without direct vendor involvement, and that level of involvement is rare because the underlying service layers aren’t designed for customers to see the traffic between services.

83
Q

Data Destruction: How do you destroy data in the on-premises scenario?

A
  • Physical Destruction of Media and Hardware
  • Degaussing
  • Overwriting
  • Crypto-Shredding (Cryptographic Erasure)

84
Q

What are ways to physically destroy media and hardware?

A

Any hardware or portable media containing the data in question can be destroyed by:

  • burning
  • melting
  • impact (beating, drilling, grinding, and so forth)
  • industrial shredding

This is often the preferred method of sanitization since the data is physically unrecoverable.

85
Q

What is Degaussing?

A

This involves applying strong magnetic fields to the hardware and media where the data resides, effectively making them blank. It does not work with solid-state storage such as SSDs, flash media, and USB thumb drives.

86
Q

Data Destruction: What is overwriting?

A

When media needs to be reused, overwriting is one option to allow data to be destroyed while leaving the media intact.

Overwriting uses multiple passes of random characters written to the location where data resides, or may simply write zeroes - a process called zeroization.

This can be extremely time-consuming for large devices and is also not an effective technique for solid-state drives, which are resistant to overwriting and may retain remnant data.

87
Q

What is Crypto-Shredding or Cryptographic Erasure?

A

This involves encrypting the data with a strong encryption engine and then taking the keys generated in that process, encrypting them with a different encryption engine, and destroying the resulting keys of the second round of encryption.

Crypto-shredding is considered a better solution than overwriting because data that is encrypted from the beginning of its lifecycle and then shredded cannot be recovered even if remnant data remains.

The primary drawback of crypto-shredding is the CPU and performance overhead of encrypting and decrypting files.

88
Q

Cloud Data Destruction: How do you destroy data in the cloud?

A

That leaves crypto-shredding as the sole pragmatic solution for data disposal in the cloud.
Crypto-shredding can require time to complete, with time varying based on the size of the volume and technology used.

In general, since crypto-shredding is part of a data, device, or system lifecycle, the speed of the shredding process is not a significant obstacle to its use.

89
Q

Why is physical destruction in the cloud scenario usually not an option?

A

Because the cloud provider, not the data owner, owns the hardware, physical destruction is usually out of the question unless there is specific contractual coverage for dedicated hardware and disposal, which is quite costly.

In addition, because of the difficulty of knowing the actual specific physical locations of the data at any given moment (or historically), it would be next to impossible to determine all the components and media that would need to be destroyed.

In a multitenant environment like a public cloud, a customer cannot physically destroy or overwrite storage space or media, as that would affect other customers’ data.

90
Q

What 3 things need to be described in detail in a data disposal policy?

A

This policy should include a detailed description of the following:

  • The process for data disposal
  • Applicable regulations
  • Clear direction on when data should be destroyed

91
Q

Can Crypto-Shredding/Cryptographic Erasure leave remnant data?

A

If crypto-shredding is performed correctly, there should be no remanence. However, material that is somehow not included in the original encryption (say, a virtual instance that was offline during the encryption process and then added to the cloud environment) might be considered remanence.

As in all cryptographic practices, proper implementation is essential for success.