Domain 2 Flashcards
DLP Challenge
Use of encryption for data in transit
Data flow diagrams (DFDs)
data lifespan info is not included
Dataflow diagrams are a critical part of an organization's understanding of how data is created, moves, and is used throughout the organization. They often include details like ports, protocols, data elements and their classification, and other details that help you understand not only where data is, but how it gets there and what data is in use.
Data types, fields or names, services, systems, ports, protocols, and security details are all commonly included in dataflow diagrams.
Data dispersion risk
If data is spread across multiple cloud providers, there is a possibility that an outage at one provider will make the dataset unavailable to users, regardless of their location.
Data labelling at creation and in use - if data changes
The Use phase of the data lifecycle often includes modification of data, and thus will require labels to change or be added.
Ephemeral data - 45 days
Ephemeral data is often kept for shorter time periods like 45 days, a time period sufficient to allow investigations without building up large volumes of data that will not be used and which can be expensive to store. Longer-term storage may be required by law or by specific contractual requirements.
Cryptoshredding
Securely erasing all copies of the encryption key is all that it takes to complete the destruction process for crypto-shredding.
IRM (Information rights management)
Information rights management systems typically rely on certificates to identify systems.
log data - long term storage
Long-term storage is storage that is intended to continue to exist over time and is often used for logs or archival data storage.
Ephemeral storage
Storage that is associated with an instance that will be destroyed when the instance is shut down is ephemeral storage.
Raw storage
Volume-based storage
Raw storage is storage that you have direct access to, like a hard drive or an SSD, where you have access to the underlying device.
Volume-based storage is storage allocated as a virtual drive or device within the cloud.
Secret management best practices
OWASP's Secrets Management Cheat Sheet describes three main requirements for "break-glass" secrets backup environments: ensuring automated backups are in place and executed regularly based on the number of secrets and their lifecycle, frequently testing the restore procedures, and encrypting backups and placing them on secure, monitored storage.
DLP Tagging
Tags are an important tool when working with ephemeral systems. While IP addresses may be reused and administrative accounts are likely to be the same across systems, tags can be unique, allowing events to be tracked to an instance. The system’s deletion time should be logged, as should the time it is instantiated, but this obviously wouldn’t be in every log event created by the machine.
Dispersion
Dispersion is the concept of ensuring that data is in multiple locations so that a single failure, event, or loss cannot result in the destruction or loss of the data.
Deduplication
Deduplication involves removing duplicates from a data set.
Collision
Two different files should never generate the same output—this is known as a collision and is not acceptable in a hashing algorithm.