Data Protection

Question 1

What is Data Protection?

Answer 1

Process of safeguarding important information from harm

Question 2

What are Data Classifications?

Answer 2

Categories assigned to data based on it’s value to the organization and the damage it could cause to the org if the information were to be disclosed.

Question 3

What is sensitive data?

Answer 3

Any information that could result in a damages if disclosed

Question 4

What are 2 classification schemes?

Answer 4

Commercial Business and Government

Question 5

What are the common levels associated with commercial businesses?

Answer 5

1. Public data: Zero repercussions if disclosed to the public
2. Sensitive Data: Minimal impact if released. Something like company financial data
3. Private Data: Data that should only be used within an organization.
4. Confidential Data: Data that will harm the organization if released to the public. Something like trade secrets
5. Critical Data: Data that can usually be used for profit. Something like credit card numbers

Question 6

What are the common levels associated with the government?

Answer 6

1. Unclassified: Data that can be released to the public or is under the freedom of information act.
2. Sensitive but Classified: Data that would not harm national security if released but could harm the individual it’s about.
3. Confidential: Data that could seriously affect the government if unauthorized releases occur.
4. Secret: Data that could be seriously damage national security.
5. Top Secret: Data that will damage national security if released.

Question 7

What is the lifecycle of data?

Answer 7

• Collection
• Storage
• Destruction

Question 8

What is data ownership?

Answer 8

the responsibility and control over data that an organization has, ensuring data quality, security, and compliance.

Question 9

What are the roles associated with Data Ownership?

Answer 9

• Data owner
• Data controller
• Data processors
• Data Stewards
• Data Custodian
• Privacy Officer

Question 10

Who is the data owner?

Answer 10

Senior exec role that is responsible for maintaining the confidentiality, integrity, availability, and privacy of information

Question 11

Who is the data controller?

Answer 11

Entity that is responsible for deciding the purposes and methods of data storage, collection, usage, and guaranteeing process legality.

Question 12

Who are the data processors?

Answer 12

Group or individual hired by the data controller to help with tasks like collecting, storing, or analyzing data.

Question 13

Who is the data steward?

Answer 13

Focused on data quality and associated data

Question 14

Who is the data custodian?

Answer 14

Responsible for handling the management of the system on which data assets are stored.

Question 15

Who is the privacy officer?

Answer 15

Those responsible for the oversight of any kind of privacy related data such as PII. They’re on the hook for data breaches.

Question 16

Who should the data owner be?

Answer 16

Preferably someone from the business side with each owner being assigned to their own dept.

Question 17

What are the 3 data states?

Answer 17

1. Data at Rest: Data stored in DBs, file systems, etc.
2. Data in Transit: Data being moved from point A to point B.
3. Data in Use: CRUD functions on data

Question 18

What are the different forms of Encryption?

Answer 18

• Full disk
• Partition
• File
• Volume
• Database
• Record

Question 19

What’s the best tool for protecting data at rest?

Answer 19

Encryption

Question 20

What are ways of securing data in transit?

Answer 20

• SSL and TLS: Cryptographic protocols designed to secure the transfer of data.
• VPNs: Tech that creates a secure connection over a less secure network
• IPSec: Protocol suite used to secure IP communication by authenticating and encrypting each IP packet in a data stream.

Question 21

What is a SSL?

Answer 21

Secure Socket Layer
An encryption based internet security protocol.

Question 22

What is a TLS?

Answer 22

Transport Layer Security
An encryption based internet security protocol. Evolved from SSL

Question 23

What are ways to secure data in use?

Answer 23

• Application level encryption
• Access Controls
• Secure Enclaves
• Intel Software Guards

Question 24

What is a regulated data type?

Answer 24

Information controlled by laws, regulation, or industry standards.

Question 25

What are trade secrets?

Answer 25

Type of confidential business information that provide a company with a competitive advantage

Question 26

What is intellectual property?

Answer 26

Creations of the mind such as inventions, literary and artistic work, etc.

Question 27

What is legal information?

Answer 27

Data related to legal proceedings, contracts, or regulatory compliance.

Question 28

What is financial information?

Answer 28

Data related to an organizations financial transactions.

Question 29

What is human-readable data?

Answer 29

Data that can be read by humans without machines or other forms of assistance

Question 30

What is non-human-readable data?

Answer 30

Data that can be read by humans without the assistance of a machine or software

Question 31

What is data sovereignty?

Answer 31

The concept that digital information is subject to the laws of the country it originated from.

Question 32

What are ways of securing data?

Answer 32

- Geofencing - Encryption - Hashing - Masking - Tokenization - Obfuscation - Segmentation - Permissions restrictions

Question 33

What is Data Loss Prevention(DLP)?

Answer 33

A setup that monitors data in a system throughout the various states(rest, transit, use)

Question 34

What is endpoint DLP?

Answer 34

Software installed on a workstation or laptop that monitors the data that 's in use on that computer

Question 35

What is network DLP?

Answer 35

Software installed on a network to detect data in transit.

Question 36

What is storage DLP?

Answer 36

Software installed on a server that inspects data at rest.

Question 37

What is a cloud-based DLP system?

Answer 37

Usually a SAAS that is apart of the cloud service.