Data Protection Flashcards

1
Q

What is Data Protection?

A

Process of safeguarding important information from harm

2
Q

What are Data Classifications?

A

Categories assigned to data based on its value to the organization and the damage it could cause to the org if the information were to be disclosed.

3
Q

What is sensitive data?

A

Any information that could result in damages if disclosed

4
Q

What are 2 classification schemes?

A

Commercial Business and Government

5
Q

What are the common levels associated with commercial businesses?

A
  1. Public data: Zero repercussions if disclosed to the public
  2. Sensitive Data: Minimal impact if released. Something like company financial data
  3. Private Data: Data that should only be used within an organization.
  4. Confidential Data: Data that will harm the organization if released to the public. Something like trade secrets
  5. Critical Data: Data that can usually be used for profit. Something like credit card numbers
6
Q

What are the common levels associated with the government?

A
  1. Unclassified: Data that can be released to the public or is under the Freedom of Information Act.
  2. Sensitive but Classified: Data that would not harm national security if released but could harm the individual it’s about.
  3. Confidential: Data that could seriously affect the government if unauthorized releases occur.
  4. Secret: Data that could seriously damage national security.
  5. Top Secret: Data that will damage national security if released.
7
Q

What is the lifecycle of data?

A
  • Collection
  • Storage
  • Destruction
8
Q

What is data ownership?

A

The responsibility and control over data that an organization has, ensuring data quality, security, and compliance.

9
Q

What are the roles associated with Data Ownership?

A
  • Data owner
  • Data controller
  • Data processors
  • Data Stewards
  • Data Custodian
  • Privacy Officer
10
Q

Who is the data owner?

A

Senior exec role that is responsible for maintaining the confidentiality, integrity, availability, and privacy of information

11
Q

Who is the data controller?

A

Entity that is responsible for deciding the purposes and methods of data storage, collection, usage, and guaranteeing process legality.

12
Q

Who are the data processors?

A

Group or individual hired by the data controller to help with tasks like collecting, storing, or analyzing data.

13
Q

Who is the data steward?

A

Focused on data quality and associated data

14
Q

Who is the data custodian?

A

Responsible for handling the management of the system on which data assets are stored.

15
Q

Who is the privacy officer?

A

Those responsible for the oversight of any kind of privacy-related data such as PII. They’re on the hook for data breaches.

16
Q

Who should the data owner be?

A

Preferably someone from the business side with each owner being assigned to their own dept.

17
Q

What are the 3 data states?

A
  1. Data at Rest: Data stored in DBs, file systems, etc.
  2. Data in Transit: Data being moved from point A to point B.
  3. Data in Use: CRUD functions on data
18
Q

What are the different forms of Encryption?

A
  • Full disk
  • Partition
  • File
  • Volume
  • Database
  • Record
19
Q

What’s the best tool for protecting data at rest?

A

Encryption

20
Q

What are ways of securing data in transit?

A
  • SSL and TLS: Cryptographic protocols designed to secure the transfer of data.
  • VPNs: Tech that creates a secure connection over a less secure network
  • IPSec: Protocol suite used to secure IP communication by authenticating and encrypting each IP packet in a data stream.
21
Q

What is SSL?

A

Secure Socket Layer
An encryption-based internet security protocol.

22
Q

What is TLS?

A

Transport Layer Security
An encryption-based internet security protocol. Evolved from SSL.

23
Q

What are ways to secure data in use?

A
  • Application level encryption
  • Access Controls
  • Secure Enclaves
  • Intel Software Guards
24
Q

What is a regulated data type?

A

Information controlled by laws, regulation, or industry standards.

25
Q

What are trade secrets?

A

Type of confidential business information that provides a company with a competitive advantage

26
Q

What is intellectual property?

A

Creations of the mind such as inventions, literary and artistic work, etc.

27
Q

What is legal information?

A

Data related to legal proceedings, contracts, or regulatory compliance.

28
Q

What is financial information?

A

Data related to an organization's financial transactions.

29
Q

What is human-readable data?

A

Data that can be read by humans without machines or other forms of assistance

30
Q

What is non-human-readable data?

A

Data that can be read by humans without the assistance of a machine or software

31
Q

What is data sovereignty?

A

The concept that digital information is subject to the laws of the country it originated from.

32
Q

What are ways of securing data?

A
  • Geofencing
  • Encryption
  • Hashing
  • Masking
  • Tokenization
  • Obfuscation
  • Segmentation
  • Permissions restrictions
33
Q

What is Data Loss Prevention (DLP)?

A

A setup that monitors data in a system throughout the various states (rest, transit, use)

34
Q

What is endpoint DLP?

A

Software installed on a workstation or laptop that monitors the data that's in use on that computer

35
Q

What is network DLP?

A

Software installed on a network to detect data in transit.

36
Q

What is storage DLP?

A

Software installed on a server that inspects data at rest.

37
Q

What is a cloud-based DLP system?

A

Usually a SaaS that is a part of the cloud service.