Data Protection Flashcards
What is the importance of data classification?
Helps allocate appropriate protection resources and prevents over-classification to avoid excessive costs
Requires proper policies to identify and classify data accurately
What type of data is classified as public?
No impact if released; often publicly accessible data
What defines sensitive data?
Minimal impact if released, e.g., financial data
What information is contained in private data?
Internal personnel or salary information
What does confidential data hold?
Trade secrets, intellectual property, source code, etc.
What characterizes critical data?
Extremely valuable and restricted information
Fill in the blank: Sensitive data has _______ impact if released.
minimal
True or False: Public data has a significant impact if released.
False
Fill in the blank: Critical data is characterized as extremely _______ and restricted information.
valuable
What is Data Ownership?
Process of identifying the individual responsible for maintaining the confidentiality, integrity, availability, and privacy of information assets
Data ownership is crucial for accountability in data management.
Who is a Data Owner?
A senior executive responsible for labeling information assets and ensuring they are protected with appropriate controls
Data owners play a critical role in establishing data protection policies.
What does a Data Controller do?
Entity responsible for determining data storage, collection, and usage purposes and methods, as well as ensuring the legality of these processes
Data controllers are key in compliance with data protection laws.
Define Data Processor.
A group or individual hired by the data controller to assist with tasks like data collection and processing
Data processors must operate under the instructions of the data controller.
What is the role of a Data Steward?
Focuses on data quality and metadata, ensuring data is appropriately labeled and classified, often working under the data owner
Data stewards help maintain data integrity and usability.
What responsibilities does a Data Custodian have?
Responsible for managing the systems on which data assets are stored, including enforcing access controls, encryption, and backup measures
Data custodians are essential for operational data security.
What does a Privacy Officer oversee?
Oversees privacy-related data, such as personally identifiable information (PII), sensitive personal information (SPI), or protected health information (PHI), ensuring compliance with legal and regulatory frameworks
Privacy officers are crucial for protecting individual privacy rights.
Who should be designated as Data Owners?
Data owners should be designated within their respective departments based on their knowledge of the data and its significance within the organization
Data owners are responsible for the management and oversight of data assets.
What does Full Disk Encryption (FDE) do?
Data At Rest
Encrypts the entire hard drive
FDE provides comprehensive data protection by encrypting all data on the disk.
What is the purpose of Partition Encryption?
Data At Rest
Encrypts specific partitions, leaving others unencrypted
Useful for protecting sensitive data while allowing access to other data.
What does File Encryption accomplish?
Data At Rest
Encrypts individual files
This method is ideal for securing specific documents or files.
What is the function of Volume Encryption?
Data At Rest
Encrypts selected files or directories
Allows for targeted encryption without affecting the entire disk.
What is Database Encryption?
Data At Rest
Encrypts data stored in a database at column, row, or table levels
Protects sensitive information within databases from unauthorized access.
What does Record Encryption do?
Data At Rest
Encrypts specific fields within a database record
This provides granular control over which data is protected.
What is the definition of Data at Rest?
Data stored in databases, file systems, or storage systems, not actively moving.
What is Data in Transit?
Data actively moving from one location to another, vulnerable to interception.
What are Transport Encryption Methods?
Methods used to secure data during transmission, including:
* SSL (Secure Sockets Layer)
* TLS (Transport Layer Security)
* VPN (Virtual Private Network)
* IPSec (Internet Protocol Security)
What does SSL stand for?
Secure Sockets Layer.
What is the purpose of TLS?
Secure communication over networks, widely used in web browsing and email.
What is the function of a VPN?
Creates secure connections over less secure networks like the internet.
What does IPSec secure?
Secures IP communications by authenticating and encrypting IP packets.
True or False: Data in Transit is not vulnerable to interception.
False.
What does ‘Data in Use’ refer to?
Data actively being created, retrieved, updated, or deleted
Data in use protection measures?
- Encryption at the application level
- Access Control
- Scure Enclaves
- INTEL software Guard
INTEL software Guard encryupts dat in memory to prevent unautherized access
What are the Data Types
- Regulated Data
- PII
- PHI
- Trade Secrets
- Intellectual Property (IP)
- Legal Information
- Financial Information
- Human Readable
- Non-Human Readable
What is Data Sovereignty?
Digital information subject to laws of the country where it’s located
Data sovereignty emphasizes that data is governed by the legal frameworks of the nation in which it resides.
What does GDPR stand for?
General Data Protection Regulation
GDPR is a regulation in EU law on data protection and privacy.
What is the primary purpose of GDPR?
Protects EU citizens’ data within EU and EEA borders
GDPR ensures that individuals have control over their personal data.
Is compliance with GDPR required regardless of data location?
Yes
Organizations outside the EU that process data of EU citizens must comply with GDPR.
What are Geographic Restrictions?
Virtual boundaries to restrict data access based on location
Also known as geofencing.
What is Encryption?
Transform plaintext into ciphertext using algorithms and keys
Essential for data security.
What is Hashing commonly used for?
Password storage
A method to secure passwords by converting them into a fixed-size string.
What does Masking do?
Replace some or all data with placeholders (e.g., ‘x’)
Used to protect sensitive information in non-production environments.
What is Tokenization?
Replace sensitive data with non-sensitive tokens
* Original data stored securely in a separate database
* Often used in payment processing for credit card protection
Helps in reducing the risk of data breaches.
What is Obfuscation?
Make data unclear or unintelligible
Used to protect sensitive information from unauthorized access.
What is Segmentation in network security?
Divide network into separate segments with unique security controls
* Prevent lateral movement in case of a breach
Enhances security by limiting access and exposure.
What are Permission Restrictions?
Define data access and actions through ACLs or RBAC
Access Control Lists (ACLs) and Role-Based Access Control (RBAC) are common methods.
What is an Endpoint DLP System?
Installed as software on workstations or laptops, monitors data in use on individual computers, can prevent or alert on file transfers based on predefined rules.
What does a Network DLP System focus on?
Monitoring data entering and leaving the network, detects unauthorized data leaving the network.
Where is a Storage DLP System installed?
Installed on a server in the data center, inspects data at rest, especially encrypted or watermarked data.
What is the primary function of a Cloud-Based DLP System?
Protects data stored in cloud services.
True or False: An Endpoint DLP System can prevent file transfers based on predefined rules.
True
Fill in the blank: A Storage DLP System monitors data _______.
[at rest]
What type of DLP System is installed as software on individual computers?
Endpoint DLP System
What type of DLP System is placed at the network perimeter?
Network DLP System
What does a Storage DLP System flag?
Policy violations
Fill in the blank: A Cloud-Based DLP System is offered as a _______.
[software-as-a-service solution]
