Data Protection Methods Flashcards

1
Q

Randomized Masking

A

Swapping subject identifying data around between columns and rows so no one can be identified but data can still be used in aggregate. Can’t be reversed since there is no key.

2
Q

Pseudonymization

A

Swaps identifying data with a code/subject ID or pseudonym. The mapping of code to personal information is kept in a separate database. Can be reversed using the key.

3
Q

Tokenization

A

An authorizing party creates a code or token to represent sensitive data for a specific limited purpose. An example is a credit card token: the token created by the card company is used, and the actual card number is not disclosed to the POS system.

4
Q

Anonymization

A

Removal of personal information from a data set.

5
Q

Data Roles (7)

A

Owner: responsible for data including classification and assigning protections to it. Decides appropriate use, security controls for systems storing the data, who has access.

Asset/System Owners: Develops security plan in collaboration with Owner. Ensures users receive security training. Helps identify security controls with owner. May be the same person as the Data Owner.

Business/Mission Owner: Can be the same as or overlap with the System Owner. Owns the business process, which may include multiple systems that have other System and Data Owners.

Data Processors/Controllers: Processes data for a data controller.

Data Custodians: Are delegated tasks of protecting data by Data Owners. Handle day-to-day tasks.

Administrators: Staff with elevated access used to make administrative changes to systems.

Users/Subjects: Someone/thing that has access to computing systems and data.
