Domain 2 Flashcards
Data Lifecycle
Create > Store > Use > Share > Archive > Destroy
No classifying
Information Lifecycle
Create > Classify > Store > Use > Archive > Destroy
No sharing
Data Security Controls
(5 types)
- Marking, labeling, handling, classifying
- Handling
- Destruction
- Retention
- Tape Backup Security
Data Destruction Methods
(5 types)
- Erasing: performing the Delete operation (typically recoverable)
- Clearing (Overwrite): preparing media for reuse and ensuring data can't be recovered
- Purging: more intense clearing, for reuse in less secure environments
- Degaussing: erasing via strong magnetic field
- Destruction: physically destroying media (Most secure)
Security Controls Baseline
Listing of controls that an org can apply as a baseline
Data Protection
Confidentiality is often protected through encryption at rest and in transport
Data Classification
Non-Government (public)
Class 3: Confidential / Proprietary
- Exceptionally severe damage
Class 2: Private
- Serious Damage
Class 1: Sensitive
- Damage
Class 0: Public
- No Damage
Data Classification
Government
Class 3: Top Secret
- Exceptionally severe damage
Class 2: Secret
- Serious Damage
Class 1: Confidential
- Damage
Class 0: Unclassified
- No Damage
Sensitive Data
Any info that is NOT public or unclassified
Personally Identifiable Info (PII)
Any info that can ID an individual
Protected Health Info (PHI)
Health info related to a specific person
- Covered by HIPAA
Data Roles
Data Owner
Usually in senior management. Can delegate some day-to-day duties. Cannot delegate total responsibility
Data Roles
Data Custodian
Usually in IT Dept. Does NOT decide which controls are needed, but implements them
TIP
If questions mention "day-to-day" duties, it means the custodian
Data Roles
Data Administrator
Grants access to personnel via RBAC
Data Roles
User
Anyone who accesses the data