Data Protection Flashcards
What is Data Protection?
Process of safeguarding important information from corruption, compromise, or loss.
What are Data Classifications?
Categories assigned to data based on its value to the organization and the damage it could cause to the organization if the information were disclosed.
What is sensitive data?
Any information whose disclosure could result in damage to the organization or to the individuals it describes.
What are 2 classification schemes?
Commercial Business and Government
What are the common levels associated with commercial businesses?
- Public data: No repercussions if disclosed to the public.
- Sensitive data: Minimal impact if released. Something like company financial data.
- Private data: Data that should only be used within the organization.
- Confidential data: Data that would harm the organization if released to the public. Something like trade secrets.
- Critical data: Data too valuable to allow any risk of capture, typically because attackers can monetize it directly. Something like credit card numbers.
What are the common levels associated with the government?
- Unclassified: Data that can be released to the public, for example under the Freedom of Information Act.
- Sensitive but Unclassified (SBU): Data that would not harm national security if released but could harm the individual it is about.
- Confidential: Data whose unauthorized release could cause damage to national security.
- Secret: Data whose unauthorized release could cause serious damage to national security.
- Top Secret: Data whose unauthorized release could cause exceptionally grave damage to national security.
What is the lifecycle of data?
- Collection
- Storage
- Destruction
What is data ownership?
The responsibility for and control over data that an organization holds, ensuring data quality, security, and compliance.
What are the roles associated with Data Ownership?
- Data owner
- Data controller
- Data processors
- Data Stewards
- Data Custodian
- Privacy Officer
Who is the data owner?
Senior exec role that is responsible for maintaining the confidentiality, integrity, availability, and privacy of information
Who is the data controller?
Entity that decides the purposes and methods of data collection, storage, and use, and is responsible for guaranteeing that the processing is lawful.
Who are the data processors?
Group or individual engaged by the data controller to process data on its behalf, e.g. collecting, storing, or analyzing it.
Who is the data steward?
Focused on data quality and the associated metadata (labels, definitions, and classification tags), making sure data is labeled and handled according to its classification.
Who is the data custodian?
Responsible for handling the management of the system on which data assets are stored.
Who is the privacy officer?
Those responsible for oversight of any kind of privacy-related data such as PII. They are accountable for privacy compliance and for handling data breaches involving that data.
Who should the data owner be?
Preferably someone from the business side, with each department having its own designated owner.
What are the 3 data states?
- Data at rest: Data stored in databases, file systems, backups, etc.
- Data in transit: Data being moved across a network from point A to point B.
- Data in use: Data actively being processed in memory or by the CPU (CRUD operations, queries, computation).
What are the different forms of Encryption?
- Full disk
- Partition
- File
- Volume
- Database
- Record
What’s the best tool for protecting data at rest?
Encryption
What are ways of securing data in transit?
- SSL and TLS: Cryptographic protocols designed to secure the transfer of data.
- VPNs: Tech that creates a secure connection over a less secure network
- IPSec: Protocol suite used to secure IP communication by authenticating and encrypting each IP packet in a data stream.
What is SSL?
Secure Sockets Layer
An encryption-based internet security protocol. All SSL versions (2.0 and 3.0) are deprecated and should be disabled; TLS is its successor.
What is TLS?
Transport Layer Security
An encryption-based internet security protocol that evolved from SSL. TLS 1.2 and 1.3 are the versions in current use; TLS 1.0 and 1.1 are deprecated.
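The practical consequence of "SSL is deprecated" is a configuration decision: a client should refuse to negotiate anything below TLS 1.2 and should verify the server's certificate and hostname. The following is an added example using Python's standard `ssl` module (not code from the original flashcards); the helper names `hardened_client_context`, `describe` and `accepts_legacy_protocol` are this example's own.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context that only negotiates TLS 1.2 or 1.3 and verifies the peer."""
    # create_default_context() already sets verify_mode=CERT_REQUIRED,
    # check_hostname=True and loads the platform's trusted CA store.
    ctx = ssl.create_default_context()
    # Refuse SSL 3.0, TLS 1.0 and TLS 1.1 explicitly rather than relying on
    # whatever floor the local OpenSSL build happens to default to.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings a reviewer checks before the context ships."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "maximum_version": ctx.maximum_version.name,
        "verifies_peer_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


def accepts_legacy_protocol(ctx: ssl.SSLContext) -> bool:
    """True if the context would still negotiate anything below TLS 1.2."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    ctx = hardened_client_context()
    print(describe(ctx))
    # Real use (requires network, so not executed here):
    # import socket
    # with socket.create_connection(("example.com", 443)) as sock:
    #     with ctx.wrap_socket(sock, server_hostname="example.com") as tls:
    #         print(tls.version())   # "TLSv1.2" or "TLSv1.3"
```

Passing `server_hostname` to `wrap_socket` is what makes `check_hostname` effective; omitting it (or setting `check_hostname = False`) turns a TLS connection into one that any on-path attacker with a self-signed certificate can intercept.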
What are ways to secure data in use?
- Application-level encryption
- Access controls
- Secure enclaves
- Intel Software Guard Extensions (SGX), a hardware implementation of secure enclaves
What is a regulated data type?
Information controlled by laws, regulation, or industry standards.
What are trade secrets?
Type of confidential business information that provide a company with a competitive advantage
What is intellectual property?
Creations of the mind such as inventions, literary and artistic work, etc.
What is legal information?
Data related to legal proceedings, contracts, or regulatory compliance.
What is financial information?
Data related to an organization's financial transactions.
What is human-readable data?
Data that can be read by humans without machines or other forms of assistance
What is non-human-readable data?
Data that cannot be read by humans without the assistance of a machine or software, such as binary files or encrypted and encoded data.
What is data sovereignty?
The concept that digital information is subject to the laws and governance of the country in which it is collected or stored.
What are ways of securing data?
- Geofencing
- Encryption
- Hashing
- Masking
- Tokenization
- Obfuscation
- Segmentation
- Permissions restrictions
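Hashing, masking, and tokenization from the list above are often confused because all three replace a sensitive value with something else. The difference is reversibility and by whom: masking is one-way and for display, a keyed hash is one-way and for matching, and a token is reversible only through a separately protected vault. The following is an added example (not part of the original flashcards) using only Python's standard library; the names `mask`, `keyed_hash`, `TokenVault` and the test card number are this example's own constructed inputs.

```python
import hashlib
import hmac
import secrets

# Constructed sample value: the standard "4111..." test card number, not real cardholder data.
SAMPLE_PAN = "4111111111111111"


def mask(value: str, keep_last: int = 4, fill: str = "*") -> str:
    """Masking: irreversibly hide all but the last few characters.
    Nothing can be recovered from the output, so it is safe for UIs,
    receipts and log lines."""
    if len(value) <= keep_last:
        return fill * len(value)
    return fill * (len(value) - keep_last) + value[-keep_last:]


def keyed_hash(value: str, key: bytes) -> str:
    """Hashing: a one-way fingerprint used for matching or deduplication.
    A plain SHA-256 of a 16-digit PAN is brute-forceable because the input
    space is small, so an HMAC under a secret key is used instead; the same
    value gives the same digest under the same key and nothing else."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


class TokenVault:
    """Tokenization: swap the value for a random surrogate and keep the real
    value only inside the vault. Unlike hashing it is reversible, but only
    for a caller that can query the vault."""

    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if pan in self._value_to_token:  # same value always maps to the same token
            return self._value_to_token[pan]
        while True:
            # Format-preserving surrogate: same length, digits only, last four
            # kept so systems that display "...1111" keep working. Production
            # services additionally make the token fail the Luhn check so it can
            # never be mistaken for a live card; omitted here for brevity.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._token_to_value:
                break
        self._token_to_value[token] = pan
        self._value_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault holder can reverse a token; a KeyError means an unknown token."""
        return self._token_to_value[token]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    print("masked   :", mask(SAMPLE_PAN))
    print("hashed   :", keyed_hash(SAMPLE_PAN, b"demo-key")[:16] + "...")
    print("tokenized:", token, "->", vault.detokenize(token))
```

The security of the vault approach rests entirely on segmenting the vault from the systems that hold tokens, which is why tokenization and segmentation usually appear together in a cardholder data environment.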
What is Data Loss Prevention(DLP)?
A set of tools and policies that monitors data in all three states (rest, transit, use) and alerts on or blocks unauthorized disclosure or exfiltration.
What is endpoint DLP?
Software installed on a workstation or laptop that monitors the data in use on that computer.
What is network DLP?
Software installed on a network to detect data in transit.
What is storage DLP?
Software installed on a server that inspects data at rest.
What is a cloud-based DLP system?
Usually SaaS that is part of the cloud service and inspects data stored in or moving through the cloud platform.
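Whatever form a DLP system takes, its core is content inspection: finding regulated data patterns in what is about to leave and deciding whether to alert or block. The following is an added example (not part of the original flashcards) of that logic run over constructed egress log lines; the log format, channel names, and the `scan`/`luhn_ok` helpers are this example's own assumptions, and the card and SSN values are standard documentation test numbers.

```python
import re

# Constructed sample egress log lines (not from any real system):
# "<timestamp> <channel> user=<u> <destination> body='<content>'"
SAMPLE_LINES = [
    "2024-05-01T10:02:11 smtp user=alice to=partner@example.net body='card 4111 1111 1111 1111 exp 12/26'",
    "2024-05-01T10:03:40 smtp user=bob to=team@example.com body='order 1234567890123456 shipped'",
    "2024-05-01T10:05:02 https user=carol host=files.example.org body='ssn 123-45-6789 attached'",
    "2024-05-01T10:06:15 smtp user=dave to=x@example.com body='ref 4111111111111112'",
]

# Channels where a confirmed card number is blocked outright; elsewhere we alert.
BLOCK_CHANNELS = {"smtp"}

# Runs of 13-19 digits, optionally separated by spaces or hyphens.
DIGIT_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test; filters out order numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str):
    """Yield digit runs that are plausible card numbers (length + Luhn)."""
    for m in DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            yield digits


def scan(lines):
    """Return (line_no, channel, kind, redacted_value, action) for each hit.
    The alert carries a masked value so the DLP log does not itself leak."""
    findings = []
    for n, line in enumerate(lines, 1):
        channel = line.split()[1]
        action = "block" if channel in BLOCK_CHANNELS else "alert"
        for pan in find_pans(line):
            findings.append((n, channel, "PAN", "*" * (len(pan) - 4) + pan[-4:], action))
        for m in SSN.finditer(line):
            findings.append((n, channel, "SSN", "***-**-" + m.group()[-4:], action))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding)
```

Line 2 and line 4 contain 16-digit numbers that fail the Luhn check, so they produce no finding; that check is what keeps a pattern-based DLP rule from drowning analysts in false positives on order numbers and tracking IDs.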