Domain 2: Asset Security Flashcards
Sensitive Data
any info that isn’t public or unclassified
PII
Personally Identifiable Information - any info that can be used to distinguish or trace an individual's identity
PHI
Protected Health Information - any health info that can be related to a specific person
Proprietary Data
any data that helps an org maintain a competitive edge
DLP Server
Data Loss Prevention Server, emails pass through, detects labels on data or applies necessary security measures
Data at Rest
data stored on media
Data in Transit
data in motion, data transmitted over a network
Data in use
data in temporary storage buffers while an application is using it
Handling
secure transportation of media through its lifetime
Data Remanence
The data that remains on a hard drive as a residual magnetic flux
How to remove data remanence
degausser for magnetic media, not SSDs. Use destruction to a size of 2 mm
Erasing
deleting files, remains on the drive until space runs out
Clearing
prepare media for reuse and assure the cleared data cannot be recovered
Purging
more intense form of clearing, repeat clearing or combine with another process
Declassification
any process that purges media or a system in preparation for reuse in an unclass environment
Sanitization
combination of processes that removes data from a system or from media ensuring it cannot be recovered by any means
Degaussing
create a strong magnetic field that erases data on magnetic media
Which protocol do most HTTPS transmissions use?
TLS - Transport Layer Security
What was the predecessor to TLS?
SSL - Secure Sockets Layer but it is susceptible to the POODLE attack
What does a VPN use?
IPsec combined with L2TP
Which protocols would be used to protect data in transit on internal networks?
IPsec and SSH (Secure Shell)
What are secure protocols used to transfer encrypted files over a network?
SCP (Secure Copy) and SFTP (Secure File Transfer Protocol)
This person has the ultimate org responsibility for the data
data owner - typically CEO
This person owns the system that processes sensitive data
System Owner
This person is usually the PM
Business/Mission Owner
Data processor
a natural or legal person which processes personal data solely on behalf of the data controller
This person is responsible for granting appropriate access to personnel
Admins
This person handles day to day tasks usually assigned by data owner
custodian