Domain 2: Asset Security Flashcards

1
Q

Considerations for an Asset's value

A
Value to organization
Loss if compromised
Legislative drivers
(-) Liabilities
Value to competitors
Acquisition Costs
Etc.
2
Q

Data Classification

A

Development of sensitivity labels for data and the assignment of those labels for the purpose of configuring baseline security based on the value of the data

3
Q

3 C’s for Classification

A

Cost (Value)
Classify (Criteria for classification)
Controls (Determining the baseline security config for each)

4
Q

Who Determines data classification

A

Data owner

5
Q

Who maintains the data

A

Data Custodian

6
Q

Sensitivity

A

Amount of damage that would be done should the information be disclosed

7
Q

Criticality

A

Time sensitivity of the data. Usually driven by an understanding of how much revenue a specific asset generates, and therefore how much revenue would be lost without that asset

8
Q

States of Data

A

Data at rest, in process, in transit

9
Q

Data at rest

A

Data that is being stored, often encrypted

How it's secured: File System Encryption, EFS, TPM

10
Q

Data in Process

A

Data that is being used

How is it secured: No easy way, could encrypt in RAM

11
Q

Data In Transit

A

Data moving across the network

How is it secured: SSL/TLS, IPSec, SSH

12
Q

Unauthorized usage/access

A

Prevention: strong authentication, encryption, obfuscation, anonymization, tokenization, masking, organizational policies and layered defense

13
Q

Liability due to noncompliance

A

Prevention: Due care and due diligence, Service Level Agreements (SLAs)

14
Q

DoS and DDoS

A

Prevention: Redundancy and data dispersion

15
Q

Corruption, modification, destruction of data

A

Prevention: hashes/digitally signed files

16
Q

Data Leakage and Breaches

A

Prevention: Digital Loss Prevention (DLP)

17
Q

Theft or accidental media loss

A

Prevention: TPM

18
Q

Malware attack

A

Prevention: anti-malware

19
Q

Protecting data moving to and out of the cloud

A

SSL/TLS, IPSec, SSH

20
Q

Protecting data in the cloud

A

Encryption

21
Q

Detection of Data Migration to the Cloud

A

DLP

22
Q

Data Dispersion

A

Data is replicated in multiple physical locations across the cloud

23
Q

Data Fragmentation

A

Splitting data into smaller fragments and distributing them across a large number of machines

24
Q

Cryptoshredding

A

Renders data remnants in the cloud inaccessible; use publicly known strong encryption and destroy the key

25
Q

Obfuscation

A

Process of hiding, replacing, or omitting sensitive information

26
Q

Masking

A

Process of using specific characters to hide certain parts of a specific dataset

27
Q

Data Anonymization

A

Process of encrypting or removing PII from data sets, so that the people whom the data describes remain anonymous

28
Q

Tokenization

A

A public cloud service can be integrated and paired with a private cloud that stores the sensitive data. Data sent to the public cloud is altered and contains a reference to the data in the private cloud

29
Q

Scoping

A

Limiting what information is stored: the less that is stored, the less that needs to be protected.

30
Q

Determining how to sanitize media

A

What kind of media?
Confidentiality of the media?
Will the media be processed in a controlled area?
Should sanitizing be internal or external?
Volume of media to be sanitized?
Availability of equipment and tools?

31
Q

Data disposal

A

Clearing - overwriting the data, multiple times
Purging - Degaussing (magnets), becomes unusable
Destruction - Physical destruction

32
Q

End of service (EOS)

A

Company no longer supports a product

33
Q

End of Life (EOL)

A

Company no longer sells a product

34
Q

Erasing Data

A

Likely to leave some data on a hard drive

35
Q

Clearing Data (Overwriting)

A

Overwrites the disk in 3 passes

36
Q

Purging data

A

A more intense method of clearing that repeats the process multiple times