Domain 2 - Asset Security Flashcards

1
Q

Assigning labels to data within an organization. It also identifies the value of data and is critical to protect confidentiality and integrity. This ultimately drives what controls we put in place.

A

Data Classification

2
Q

Government Data Classification Levels

A

Top Secret, Secret, Confidential, Unclassified

3
Q

Commercial Data Classification Levels

A

Confidential, Private, Sensitive and Public

4
Q

Responsible for defining data classifications and ensuring systems and data are properly marked.

A

Data Owner

5
Q

Person who owns the system that processes sensitive data. Typically the same person as the data owner.

A

System Owner

6
Q

Person who assigns permissions based on the principle of least privilege and the need to know.

A

Data Administrator

7
Q

They help protect the integrity and security of data by ensuring it is properly stored and protected.

A

Data Custodian

8
Q

Any person who accesses data via a computing system to accomplish work tasks.

A

Users

9
Q

Any information that can identify an individual.

A

Personally Identifiable Information (PII)

10
Q

Any health-related information that can be related to a specific person.

A

Protected Health Information (PHI)

11
Q

Data that remains on a hard drive as residual magnetic flux.

A

Data remanence

12
Q

Simply performing a delete operation against a file, a selection of files, or the entire media.

A

Erasing

13
Q

A process of preparing media for reuse and assuring that the cleared data cannot be recovered using traditional recovery tools.

A

Clearing, or overwriting

14
Q

An intense form of clearing that prepares media for reuse in less secure environments.

A

Purging

15
Q

Involves any process that purges media or a system in preparation for reuse in an unclassified environment.

A

Declassification

16
Q

A combination of processes that removes data from a system or from media.

A

Sanitization

17
Q

Process to create a strong magnetic field that erases data on some media.

A

Degaussing

18
Q

The final stage in the life cycle of media and the most secure method of sanitizing media.

A

Destruction

19
Q

Process includes marking, handling, storing and destroying sensitive information.

A

Managing sensitive information

20
Q

They provide a listing of controls that an organization can apply as a baseline for security.

A

Security Control Baselines

21
Q

Run by the US Department of Commerce. The goal is to prevent unauthorized disclosure of information handled by data processors and transmitted between data processors and the data controller.

A

Safe Harbor principles

22
Q

Safe Harbor principles

A
  • Notice: An organization must inform individuals about the purposes for which it collects and uses information about them.
  • Choice: An organization must offer individuals the opportunity to opt out.
  • Onward transfer: Organizations can only transfer data to other organizations that comply with the Notice and Choice principles.
  • Security: Organizations must take reasonable precautions to protect data.
  • Data integrity: Organizations may not use information for purposes other than what they stated in the Notice principle and users selected in the Choice principle. Additionally, organizations should take steps to ensure the data is reliable.
  • Access: Individuals must have access to personal information an organization holds about them. Individuals also have the ability to correct, amend, or delete information, when it is inaccurate.
  • Enforcement: Organizations must implement mechanisms to assure compliance with the principles.
23
Q

A process of identifying and documenting hardware components, software and the associated settings. The goal is to move beyond the original design to a hardened, operationally sound system.

A

Configuration Management. Config management also includes Change management and Patch management.