DOMAIN 5 - GOVERNANCE DOMAINS, SIX PHASES OF DATA SECURITY LIFECYCLE

Question 1

Ensuring the use of data and information complies with organizational policies, standards and strategy —
including regulatory, contractual, and business objectives.

Answer 1

information/data governance

Question 2

refers to who is managing the data

Answer 2

Custodianship

Question 3

This is frequently tied to compliance and affects cloud destinations and handling requirements.

Answer 3

Information Classification

Question 4

These tie to classification and the cloud needs to be added if you have them. They should also cover the different SPI tiers, since sending data to a SaaS vendor
versus building your own IaaS app is very different

Answer 4

Information Management Policies

Question 5

Your organization is always responsible for data and information and that can’t be abrogated when moving to the cloud

Answer 5

Ownership

Question 6

______is a sum of regulatory requirements, contractual obligations, and commitments to customers (e.g. public statements).

Answer 6

Privacy

Question 7

________are the tool to implement data governance.

Answer 7

Security controls

Question 8

_______is the generation of new digital content, or the alteration/updating/modifying of existing content.

Answer 8

Create

Question 9

_________is the act committing the digital data to some sort of repository and typically occurs nearly
simultaneously with creation.

Answer 9

Store

Question 10

Data is viewed, processed, or otherwise_____ in some sort of activity, not including modification.

Answer 10

Use

Question 11

Information is made accessible to others, such as between users, to customers, and to partners.

Answer 11

Share

Question 12

Data leaves active use and enters long-term storage.

Answer 12

Archive

Question 13

Data is permanently destroyed using physical or digital means (e.g.,_______).

Answer 13

cryptoshredding

Question 14

This can be illustrated by thinking of the lifecycle not as a single, linear operation, but as a series of smaller lifecycles running in different operating environments. At nearly any phase data can move into, out of, and between these environments

Answer 14

Locations

Question 15

When users know where the data lives and how it moves, they need to know who is accessing it and how. There are two factors here:
* Who accesses the data?
* How can they access it (device and channel)?

Answer 15

Entitlements

Question 16

_______the data, including creating, copying, file transfers, dissemination, and other exchanges of information

Answer 16

Read

Question 17

Perform a transaction on the data; update it

Answer 17

Process

Question 18

Hold the data (in a file, database, etc.).

Answer 18

Store

Question 19

An ______ (person, application, or system/process, as opposed to the access device) performs each
function in a location.

Answer 19

actor

Question 20

_______restricts a list of possible actions down to allowed actions. The table below shows one way to list the possibilities, which the user then maps to controls.

Answer 20

Controls

Question 21

Ensure information ________ policies and practices extend to the cloud. This will be done through contractual and security controls.

Answer 21

governance