Data Security Concepts Flashcards

1
Q

What is Information Classification?

A

The process by which organizations assess the information they hold and the level of protection it should be given based on the information’s risk of loss or harm from disclosure.

2
Q

What is Information Categorization?

A

Labelling information based on its type such as a specific category or other label defined by an organization.

3
Q

What is Security Category?

A

Categorization of information or an information system based on the potential impact of loss of confidentiality, integrity, and availability.

4
Q

What are the necessary steps to categorize information?

A
  • Identify all information types of data (input, stored, processed, output)
  • Use defined criteria to assign levels of impact, then assign the system security category
5
Q

Which resources are available for classification and categorization?

A
  • NIST SP 800-53 (to develop information classification and categorization systems)
  • NIST SP 800-60 (to map security categories)
  • ISO/IEC 27001 (Information security management)
6
Q

What is the most common option to protect data in transit?

A

Using encryption and keys

7
Q

What is an encryption key?

A

A piece of information in digitized form used by an encryption algorithm to convert plaintext to ciphertext.

8
Q

What are the key characteristics of a symmetric key algorithm?

A
  • Encryption using “shared secret” key
  • Used to encrypt and decrypt
  • Only addresses confidentiality
9
Q

What are the key characteristics of an asymmetric key algorithm?

A
  • Encryption using two keys: a public key shared with all users and a private key kept secret by the user
  • Keys used in tandem to encrypt/decrypt
10
Q

What are the key characteristics of a hash function?

A
  • Unique value derived from the message
  • Message digest validates that the message has not been modified
11
Q

What are the key characteristics of Public Key Infrastructure?

A
  • Infrastructure that enables users to exchange data securely in public spaces using a private cryptographic key pair from a trusted authority
12
Q

What is SSL?

A

Secure Sockets Layer: a cryptographic protocol designed to provide authentication and data encryption.

13
Q

What is TLS?

A

Transport Layer Security: it replaces SSL. It provides communication privacy over the internet.

14
Q

What are the characteristics of Secure/Multipurpose Internet Mail Extensions (S/MIME)?

A
  • Electronic messaging application security
  • Authentication
  • Message integrity
  • Non-repudiation of origin
  • Privacy
  • Data security
15
Q

What are the five types of certificates for digital signatures and identification?

A

1) Client SSL certificate
2) Server SSL certificate
3) S/MIME certificate
4) Object-signing certificate
5) Certificate Authority (CA) certificate

16
Q

What additional options help provide security for digital signatures and identification?

A
  • Public key infrastructure (PKI)
  • Certificate chain
  • Digital signatures
  • Non-repudiation