Data Considerations Flashcards
What are the four ways to classify data in a commercial setting?
Confidential, Private, Public, Sensitive
What is covered by the commercial sensitive data classification?
Sensitive - Minimal impact if released; includes data such as organisational financial data.
What is covered by the commercial confidential data classification?
Confidential - Requires restrictive access through mechanisms such as an NDA. Contains source code and intellectual property.
What is covered by the commercial private data classification?
Private - Contains PII and PHI data as well as salary records and other data used in the organisation.
In the public sector, what is covered by the CUI classification?
Includes unclassified information that should still be protected from public disclosure
In the public sector, what is covered by the secret classification?
Includes data such as military deployment plans, defensive postures and other information that could seriously damage national security if disclosed.
In the public sector, what is covered by the top secret classification?
Includes blueprints for weapons or other such information that could gravely damage national security if known to those unauthorised for this level of information.
In the public sector, what is covered by the confidential classification?
Includes data such as trade secrets and other information that could seriously affect the government if unauthorised disclosure were to happen.
Under data classification, what is a data type?
A data type is a tag or label that identifies a piece of data under a subcategory of a classification.
Name some common data types.
PII, PHI, Intellectual Property
What is data retention?
It is important to realise that companies retain data for different reasons:
Version control - Returning to a last known state
Recovery from cyber attacks - Especially as attacks are not always discovered immediately
Legal/regulatory compliance
It is also important to realise that different data types require different storage options as well.
You should consult the firm's lawyers, who will be better versed in the retention requirements of various standards and regulations.
What is short-term data retention?
A term that covers how often the youngest media sets are overwritten. For example, some companies have a short-term backup of seven days.
What is long-term data retention?
This is data that is moved to long-term storage for archiving.
What is RPO?
RPO is the maximum allowable time between backups.
What is RTO?
RTO is the maximum time allowed to restore backups. It designates the amount of real time that can pass before the disruption begins to seriously and unacceptably impede the flow of normal business operations.