Domain 2 - Asset Security Flashcards
Data Value Criteria
Value, age, useful life, personal association
Government, military
Unclassified, Sensitive but unclassified, Confidential, Secret, Top Secret
Private sector
Public, Company Confidential, Private, Confidential, Sensitive
CIRTs
Cyber Incident Response Team
Data System Owners
Select security controls
Data Administrators
Assign permission to access and handle data
Data Auditor
Examines security controls
Quality Control (QC)
Assessment of quality based on internal standards
Quality Assurance (QA)
Assessment of quality based on standards external to the process; involves reviewing the activities and quality control processes.
Sanitizing
Series of processes that remove data and ensure the data is unrecoverable by any means.
Removing a computer from service and disposing of it. All storage media removed or destroyed.
Erasing
Deletion of files or media, removes link to file, least effective
Overwriting/wiping/shredding
Overwrites with pattern, may miss
Zero fill
Wipe a drive and fill with zeros
Clearing
Prepping media for reuse at same level. Removal of sensitive data from storage devices in such a way that the data may not be reconstructed using normal system functions or utilities. May be recoverable with special lab equipment. Data just overwritten.
Purging
More intense than clearing. Media can be reused in lower systems. Removal of sensitive data with the intent that the data cannot be reconstructed by any known technique.