Domain 2 - Asset Security Flashcards
Domain 2
Chapter 5
Erasing
data is typically recoverable
Clearing (overwriting)
preparing media for reuse and ensuring data cannot be recovered using traditional recovery tools
Purging
more intense form of clearing
Destruction
Most secure method of sanitizing media
Data owner
senior management can delegate some day-to-day duties, but cannot delegate responsibility
Data custodian
Usually someone in the IT department
data administrators
responsible for granting appropriate access to personnel
User
any person who accesses data via a computing device to accomplish work tasks.
Business/mission owners
can overlap with responsibilities of the system owner or be the same role
Asset owners
owns the asset or system that processes sensitive data and the associated security plans
GDPR
General Data Protection Regulation
GDPR Roles
data processor - natural or legal person, public authority, agency, or other body, which processes personal data solely on behalf of the data controller
data controller - person or entity that controls processing of the data
Data transfer - GDPR restricts data transfers to countries outside the EU.
Steps to reduce or eliminate GDPR requirements
Anonymization - the process of removing all relevant data so that it is impossible to identify the original subject or person.
Pseudonymization - the process of using pseudonyms (aliases) to represent the other data.
Security baselines
Controls in the baseline are recommended if a loss of confidentiality, integrity, or availability will have a ____ impact on the organization’s mission.
Low-impact baseline - Low
Moderate-impact baseline - moderate
High-impact - high impact
Privacy control baseline - Provides an initial baseline for any systems that process PII.