Domain 2 Flashcards

1
Q

Data Lifecycle

A

Create > Store > Use > Share > Archive > Destroy

No classifying

2
Q

Information Lifecycle

A

Create > Classify > Store > Use > Archive > Destroy

No sharing

3
Q

Data Security Controls
(5 types)

A
  1. Marking, label, handle, Classify
  2. Handling
  3. Destruction
  4. Retention
  5. Tape Backup Security

4
Q

Data Destruction Methods
(5 types)

A
  1. Erasing: performing the Delete operation (typically recoverable)
  2. Clearing (Overwrite): preparing media for re-use and ensuring data can't be recovered
  3. Purging: more intense clearing, for reuse in less secure environments
  4. Degaussing: erasing via strong magnetic field
  5. Destruction: physically destroying media (most secure)

5
Q

Security Controls Baseline

A

Listing of controls that an org can apply as a baseline

6
Q

Data Protection

A

Confidentiality is often protected through encryption at rest and in transit

7
Q

Data Classification
Non-Government (public)

A

Class 3: Confidential / Proprietary
- Exceptionally severe damage

Class 2: Private
- Serious Damage

Class 1: Sensitive
- Damage

Class 0: Public
- No Damage

8
Q

Data Classification
Government

A

Class 3: Top Secret
- Exceptionally severe damage

Class 2: Secret
- Serious Damage

Class 1: Confidential
- Damage

Class 0: Unclassified
- No Damage

9
Q

Sensitive Data

A

Any info that is NOT public or unclassified

10
Q

Personally Identifiable Info (PII)

A

Any info that can ID an individual

11
Q

Protected Health Info (PHI)

A

Health info related to a specific person

  • Covered by HIPAA

12
Q

Data Roles
Data Owner

A

Usually in senior management; can delegate some day-to-day duties. Cannot delegate total responsibility

13
Q

Data Roles
Data Custodian

A

Usually in the IT department. Does NOT decide which controls are needed, but implements them

TIP: if questions mention "day-to-day" duties, it means the custodian

14
Q

Data Roles
Data Administrator

A

Grants access to personnel via RBAC

15
Q

Data Roles
User

A

Anyone who accesses the data

16
Q

Data Roles
Business / Mission Owner

A

Overlaps with or is the same as the system owner

17
Q

Data Roles
Asset Owner

A

Owns the asset that processes sensitive data and related security plans

18
Q

GDPR Terms
Data Processor

A

Natural / legal person, public authority, agency, or body which processes personal data solely on behalf of the data controller

19
Q

GDPR Terms
Data Controller

A

Person / entity that controls processing of the data

20
Q

GDPR Terms
Data Transfer

A

GDPR restricts transfers to countries outside of the EU

21
Q

GDPR Terms
Anonymization

A

Removing all relevant data so it is impossible to ID the original person

If done correctly, GDPR is no longer relevant

22
Q

GDPR Terms
Pseudonymization

A

Using aliases to represent the data

  • Can make regulations less stringent
  • Use if you need the data but want to reduce exposure
  • Make sure the alias mapping is secured