Data Considerations Flashcards
What are the four ways to classify data in a commercial setting?
Confidential, Private, Public, Sensitive
What is covered by the commercial sensitive data classification?
Sensitive Data - Minimal impact if released; includes data such as organisational financial data.
What is covered by the commercial confidential data classification?
Confidential Information - Requires restricted access through mechanisms such as NDAs. Contains source code and intellectual property.
What is covered by the commercial private data classification?
Private - Contains PII and PHI data as well as salary records and other data used in the organisation.
In the public sector, what is covered by the CUI classification?
Includes unclassified information that should still be protected from public disclosure.
In the public sector, what is covered by the secret classification?
Includes data such as military deployment plans, defensive postures and other information that could seriously damage national security if disclosed.
In the public sector, what is covered by the top secret classification?
Includes blueprints for weapons or other such information that could gravely damage national security if known to those unauthorised for this level of information.
In the public sector, what is covered by the confidential classification?
Includes data such as trade secrets and other information that could seriously affect the government if unauthorised disclosure were to happen.
Under data classification, what is a data type?
A data type is a tag or label that identifies a piece of data under a subcategory of a classification.
Name some common data types.
PII, PHI, Intellectual Property
What is data retention?
It is important to realise that companies retain data for different reasons:
Version Control - Returning to a last known state
Recovery from Cyber attacks - Especially as attacks are not always discovered immediately
Legal/Regulatory compliance
It is also important to realise that different data types require different storage options as well.
You should consult the firm's lawyers, who will be more versed in the retention requirements of various standards and regulations.
What is short term data retention?
A term that covers how often the youngest media sets are overwritten. For example, some companies have a short term backup of seven days.
What is long term data retention?
This is data that is moved to long term storage for archiving.
What is RPO?
RPO is the maximum allowable time between backups.
What is RTO?
RTO is the maximum time allowed to restore backups. It designates the amount of real time that can pass before the disruption begins to seriously and unacceptably impede the flow of normal business operations.
Name the four types of data destruction.
Data Removal, Data Destruction, Data Sanitisation, Physical Destruction
Give an example of data removal.
Deleting a file
Give an example of data destruction.
Overwriting with 1,0
Give an example of data sanitisation.
Degaussing
What is data preservation?
This is data that has been retained but is not subject to the retention rules of the organisation.
Name the two types of data format.
Structured and Unstructured
Name the three states that data can be in.
Rest, Transit, In Use
What is data sovereignty?
The principle that countries and states may impose individual requirements on data collected or being stored within their jurisdiction.
What is the responsibility of the privacy officer?
Responsible for the organisation's data privacy. They implement policies and procedures to help carry out privacy controls around data that has been classified as private. Looks after compliance with regulations and data.
What is the responsibility of the data owner?
Responsible for specific data sets but delegates the day-to-day procedures around data. Also responsible for classifying the data.
What is the responsibility of the data steward?
Manages the day-to-day control and protection of data for the organisation; responsible for compliance and regulatory understanding. Makes sure that the decisions made by the data owner are enacted and enforced.
What is the role of the data custodian?
Data custodian is responsible for the systems that store or manipulate that data.