Data Protection

Question 1

Define data protections

Answer 1

Safeguarding information from corruption, compromise, or loss

Question 2

Data classifications Types

Answer 2

 Sensitive
 Confidential
 Public
 Restricted
 Private
 Critical

Question 3

Data Ownership Roles

Answer 3

 Data Owners
 Data Controllers
 Data Processors

Question 4

Data states:

Answer 4

 Data at rest
 Data in transit
 Data in use

Question 5

Securing Data Methods

Answer 5

 Geographic Restrictions
 Encryption
 Hashing
 Masking
 Tokenization

Question 6

Obfuscation

Answer 6

 Segmentation
 Permission Restriction

Question 7

Importance of Data Classification

Answer 7

 Helps allocate appropriate protection resources
 Prevents over-classification to avoid excessive costs
 Requires proper policies to identify and classify data
accurately

Question 8

Commercial Business Classification Levels

Answer 8

1: Public
 No impact if released; often publicly accessible data

2: Sensitive
 Minimal impact if released, e.g., financial data

3: Private
 Contains internal personnel or salary information

4: Confidential
 Holds trade secrets, intellectual property, source code, etc.

5: Critical
 Extremely valuable and restricted information

Question 9

Government Classification Levels

Answer 9

1: Unclassified
 Generally releasable to the public

2: Sensitive but Unclassified
 Includes medical records, personnel files, etc.

3: Confidential
 Contains information that could affect the government

4: Secret
 Holds data like military deployment plans, defensive
postures

5: Top Secret
 Highest level, includes highly sensitive national security
information

Question 10

Define:
Data ownership
Data owner
Data controller
Data processor
Data steward
Data custodian
Privacy officer
Data ownership responsibility

Answer 10

Data Ownership
 Process of identifying the individual responsible for
maintaining the confidentiality, integrity, availability,
and privacy of information assets

Data Owner
 A senior executive responsible for labeling information
assets and ensuring they are protected with
appropriate controls

Data Controller
 Entity responsible for determining data storage,
collection, and usage purposes and methods, as well as
ensuring the legality of these processes

Data Processor
 A group or individual hired by the data controller to
assist with tasks like data collection and processing

Data Steward
 Focuses on data quality and metadata, ensuring data is
appropriately labeled and classified, often working
under the data owner

Data Custodian
 Responsible for managing the systems on which data
assets are stored, including enforcing access controls,
encryption, and backup measures

Privacy Officer
 Oversees privacy-related data, such as personally
identifiable information (PII), sensitive personal
information (SPI), or protected health information (PHI),
ensuring compliance with legal and regulatory
frameworks

Data Ownership Responsibility
 The IT department (CIO or IT personnel) should not be
the data owner; data
owners should be individuals from the business side
who understand the data’s content and can make
informed decisions about classification

Question 11

Data at rest and encryption methods:

Answer 11

Data at Rest
 Data stored in databases, file systems, or storage
systems, not actively moving

Encryption Methods:
1: Full Disk Encryption (FDE)
 Encrypts the entire hard drive

2: Partition Encryption
 Encrypts specific partitions, leaving others unencrypted

3: File Encryption
 Encrypts individual files

4: Volume Encryption
 Encrypts selected files or directories

5: Database Encryption
 Encrypts data stored in a database at column, row, or
table levels

6: Record Encryption
 Encrypts specific fields within a database record

Question 12

Data in transit (in motion) and encryption methods:

Answer 12

Data in Transit (Data in Motion)
 Data actively moving from one location to another, vulnerable to interception

Encryption methods:
1: Transport Encryption Methods
 SSL (Secure Sockets Layer) and TLS (Transport Layer
Security)

 Secure communication over networks, widely used in
web browsing and email

2: VPN (Virtual Private Network)
 Creates secure connections over less secure networks like the internet

3: IPSec (Internet Protocol Security)
 Secures IP communications by authenticating and
encrypting IP packets

Question 13

Data in use and encryption methos

Answer 13

Data in Use
 Data actively being created, retrieved, updated, or
deleted

Encryption / protection methods:
1: Encryption at the Application Level
 Encrypts data during processing

2: Access Controls
 Restricts access to data during processing

3: Secure Enclaves
 Isolated environments for processing sensitive data

4: Mechanisms like INTEL Software Guard
 Encrypts data in memory to prevent unauthorized
access

Question 14

Data types

Answer 14

 Regulated Data
- Compliance requirements
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act
(HIPAA)

 PII (Personal Identification Information)

 PHI (Protected Health Information)

 Trade Secrets

 Intellectual Property (IP)

 Legal Information

 Data related to legal proceedings, contracts, regulatory
compliance
* Requires high-level protection for client confidentiality and legal privilege

 Financial Information

 Human-Readable Data
- Understandable directly by humans (e.g., text documents,
spreadsheets)

 Non-Human-Readable Data
- Requires machine or software to interpret (e.g., binary
code, machine language)
- Contains sensitive information and requires protection

Question 15

Data soverignty

Answer 15

 Digital information subject to laws of the country where
it’s located

 Gained importance with cloud computing’s global data
storage

Question 16

GDPR (General Data Protection Regulation)

Answer 16

 Protects EU citizens’ data within EU and EEA borders
 Compliance required regardless of data location
 Non-compliance leads to significant fines

Question 17

8 ways to secure data

Answer 17

1: Geographic Restrictions (Geofencing)
o Virtual boundaries to restrict data access based on
location
 Compliance with data sovereignty laws
 Prevent unauthorized access from high-risk locations

2: Encryption
 Transform plaintext into ciphertext using algorithms
and keys
 Protects data at rest and in transit
 Requires decryption key for data recovery

3: Hashing
 Converts data into fixed-size hash values
 Irreversible one-way function
 Commonly used for password storage

4: Masking
 Replace some or all data with placeholders (e.g., “x”)
 Partially retains metadata for analysis
 Irreversible de-identification method

5: Tokenization
 Replace sensitive data with non-sensitive tokens
 Original data stored securely in a separate database
 Often used in payment processing for credit card
protection

6: Obfuscation
 Make data unclear or unintelligible
 Various techniques, including encryption, masking, and
pseudonyms

7: Segmentation
 Divide network into separate segments with unique
security controls
 Prevent lateral movement in case of a breach
 Limits potential damage

8 Permission Restrictions
 Define data access and actions through ACLs or RBAC
 Restrict access to authorized users
 Reduce risk of internal data breaches

Question 18

Data Loss Prevention (DLP)

Answer 18

o Aims to monitor data in use, in transit, or at rest to detect and prevent data theft

o DLP systems are available as software or hardware solutions

Question 19

Types of DLP Systems

Answer 19

1: Endpoint DLP System
 Installed as software on workstations or laptops
 Monitors data in use on individual computers
 Can prevent or alert on file transfers based on
predefined rules

2: Network DLP System
 Software or hardware placed at the network perimeter
 Focuses on monitoring data entering and leaving the
network
 Detects unauthorized data leaving the network

3: Storage DLP System
 Installed on a server in the data center
 Inspects data at rest, especially encrypted or
watermarked data
 Monitors data access patterns and flags policy
violations

4: Cloud-Based DLP System
 Offered as a software-as-a-service solution
 Protects data stored in cloud services