DOMAIN 5 - GOVERNANCE DOMAINS, SIX PHASES OF DATA SECURITY LIFECYCLE Flashcards
Ensuring the use of data and information complies with organizational policies, standards and strategy —
including regulatory, contractual, and business objectives.
information/data governance
refers to who is managing the data
Custodianship
This is frequently tied to compliance and affects cloud destinations and handling requirements.
Information Classification
These tie to classification and the cloud needs to be added if you have them. They should also cover the different SPI tiers, since sending data to a SaaS vendor
versus building your own IaaS app is very different
Information Management Policies
Your organization is always responsible for data and information and that can’t be abrogated when moving to the cloud
Ownership
______is a sum of regulatory requirements, contractual obligations, and commitments to customers (e.g. public statements).
Privacy
________are the tool to implement data governance.
Security controls
_______is the generation of new digital content, or the alteration/updating/modifying of existing content.
Create
_________is the act committing the digital data to some sort of repository and typically occurs nearly
simultaneously with creation.
Store
Data is viewed, processed, or otherwise_____ in some sort of activity, not including modification.
Use
Information is made accessible to others, such as between users, to customers, and to partners.
Share
Data leaves active use and enters long-term storage.
Archive
Data is permanently destroyed using physical or digital means (e.g.,_______).
cryptoshredding
This can be illustrated by thinking of the lifecycle not as a single, linear operation, but as a series of smaller lifecycles running in different operating environments. At nearly any phase data can move into, out of, and between these environments
Locations
When users know where the data lives and how it moves, they need to know who is accessing it and how. There are two factors here:
* Who accesses the data?
* How can they access it (device and channel)?
Entitlements