Domain 2: Asset Security

Question 1

Considerations for an Assets value

Answer 1

Value to organization
Loss if compromised
Legislative drivers
(-) Liabilities
Value to competitors
Acquisition Costs
Etc.

Question 2

Data Classification

Answer 2

Development of sensitivity labels for data and the assignment of those labels for the purpose of configuration baseline security based on value of data

Question 3

3 C’s for Classification

Answer 3

Cost (Value)
Classify (Criteria for classification)
Controls (Determining the baseline security config for each)

Question 4

Who Determines data classification

Answer 4

Data owner

Question 5

Who maintains the data

Answer 5

Data Custodian

Question 6

Sensitivity

Answer 6

Amount of damage that would be done should the information be disclosed

Question 7

Criticality

Answer 7

Time sensitivity of the data. Usually driven by the understanding of how much revenue a specific asset generates, and without that asset, there will be lost revenue

Question 8

States of Data

Answer 8

Data at rest, in process, in transit

Question 9

Data at rest

Answer 9

Data that is being stored, often encrypted

How its secured: File System Encryption, EFS, TPM

Question 10

Data in Process

Answer 10

Data that is being used

How is it secured: No easy way, could encrypt in RAM

Question 11

Data In Transit

Answer 11

Data moving across the network

How is it secured: SSL/TLS, IPSec, SSH

Question 12

Unauthorized usage/access

Answer 12

prevention: strong authentication, encryption, obfuscation, anonymization, tokenization, masking, organizational policies and layered defense

Question 13

Liability due to noncompliance

Answer 13

Prevention: Due care and due diligence, Service Level Agreements (SLAs)

Question 14

DoS and DDoS

Answer 14

Prevention: Redundancy and data dispersion

Question 15

Corruption, modification, destruction of data

Answer 15

Prevention: hashes/digitally signed files

Question 16

Data Leakage and Breaches

Answer 16

prevention: Digital Loss Prevention (DLP)

Question 17

Theft or accidental media loss

Answer 17

prevention: TPM

Question 18

Malware attack

Answer 18

prevention: anti-malware

Question 19

Protecting data moving to and out of the cloud

Answer 19

SSL/TLS, IPSec, SSH

Question 20

Protecting data in the cloud

Answer 20

Encryption

Question 21

Detection of Data Migration to the Cloud

Answer 21

DLP

Question 22

Data Dispersion

Answer 22

data is replicated in multiple physical locations across the cloud

Question 23

Data Fragmentation

Answer 23

Splitting data into smaller fragments and distributing them across a large number of machines

Question 24

Cryptoshredding

Answer 24

Renders data remnants in the cloud inaccessible; use publicly known strong encryption and destroy the key

Question 25

Obfuscation

Answer 25

process of hiding, replacing, or omitting sensitive information

Question 26

Masking

Answer 26

Process of specific characters to hide certain parts of a specific dataset

Question 27

Data Anonymization

Answer 27

Process of encrypting or removing PII from data sets, so that the people who the data describe remain anonymous

Question 28

Tokenization

Answer 28

Public cloud service can be integrated and paired with a private cloud that stores sensitive data. Data sent to public cloud is altered and contains a reference to the data in the private cloud

Question 29

Scoping

Answer 29

Limiting what information is stored - the less that is stored the less that is needed to protect.

Question 30

Determining how to sanitize media

Answer 30

What Kind of media?
Confidentiality of the media?
Will media be processed in controlled area?
Should sanitizing be internal or external?
Volume of media to be sanitized?
Availability of equipment and tools?

Question 31

Data disposal

Answer 31

Clearing - overwriting the data, multiple times
Purging - Degaussing (magnets), becomes unusable
Destruction - Physical destruction

Question 32

End of service (EOS)

Answer 32

Company no longer supports a product

Question 33

End of Life (EOL)

Answer 33

Company no longer sells a product

Question 34

Erasing Data

Answer 34

Likely to leave some data on a hard drive

Question 35

Clearing Data (Overwriting)

Answer 35

overwrites disk in 3 passes

Question 36

Purging data

Answer 36

More intense method of clearing and repeats process multiple times