Data Considerations Flashcards

1
Q

What are the four ways to classify data in a commercial setting ?

A

Confidential, Private, Public, Sensitive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is covered by the commercial sensitive data classification ?

A

Sensitive Data - Minimal Impact if released and includes data like organisational financial data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is covered by the commercial confidential data classification ?

A

Confidential Information - Requires restrictive access through such mechanisms as NDA Contains Source Code and intellectual property

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is covered by the commercial private data classification ?

A

Private - Contains PII and PHI data as well as salary records and other data used in the organisation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

In the public sector what is covered by the CUI classification ?

A

Includes unclassified information that should still be protected from public disclosure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In the public sector what is covered by the secret classification ?

A

Includes data such as military deployment plans, defensive postures and other information that could seriously damage national security if disclosed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

In the public sector what is covered by the top secret classification ?

A

Includes blue prints for weapons or other such information that could gravely damage national security if known to those unauthorised for this level of information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In the public sector what is covered by the confidential classification ?

A

Includes data such as trade secrets and other information that could seriously affect the government if unauthorised disclosure were to happen.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What under data classification is the data type ?

A

A data type is a tag or label to identify a piece of data under a subcategory of a classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Name some common data types ?

A

PII, PHI, Intellectual Property

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is data retention ?

A

It is important to realise that companied retain data for different reasons

Version Control - Returning to a last know state
Recovery from Cyber attacks - Especially as attacks are not always discovered immediately
Legal/Regulatory compliance

It is also important to realise that different data types required different storage options as well.

You should consult the firms lawyers who will be more versed into the retention requirements of various standards and regulations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is short term data retention ?

A

A term that covers how often the youngest media sets are overwritten. So for example some companies have a short term backup of seven days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is long term data retention ?

A

This is data that is moved to long term storage for archiving.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is RPO ?

A

RPO is the maximum allowable time between backups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is RTO ?

A

RTO is the maximum time allowed to restore backups. It designates the amount of real time that can pass before the disruption begins to seriously and unacceptable impede the flow of normal business operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Name the four types of data destruction ?

A

Data Removal, Data Destruction, Data Sanitisation, Physical Destruction

17
Q

Give an example of data removal ?

A

Deleting a file

18
Q

Give and example of data destruction ?

A

Overwriting with 1,0

19
Q

Give an example of data sanitisation ?

A

Degaussing

20
Q

What is data preservation ?

A

This is data that has been retained but is not subject to the retention rules of the organisation.

21
Q

Name the two types of data format ?

A

Structured and Unstructured

22
Q

Name the three states that data can be in ?

A

Rest, Transit, In Use

23
Q

What is data sovereignty

A

The principle that countries and states may impose individual requirements on data collected or being stored within their jurisdiction.

24
Q

What is the responsibility of the privacy officer ?

A

Is responsible for the organisations data privacy. They implement policies and procedures to help carry out privacy controls around data that has been classified as private. Looks after compliance with regulations and data.

25
Q

What is the responsibility of the data owner ?

A

Responsible for specific data sets but delegates the day to day procedures around data. Also responsible for classify the data.

26
Q

What is the responsibility of the data steward ?

A

Manages the day to day control and protection of data for the organisation responsible for compliancy and regulatory understanding. Make sure that the decisions made by the data owner are enacted and enforced.

27
Q

What is the role of the data custodian ?

A

Data custodian is responsible for the systems that store or manipulate that data.