DOMAIN 5 - GOVERNANCE DOMAINS, SIX PHASES OF DATA SECURITY LIFECYCLE Flashcards

1
Q

Ensuring the use of data and information complies with organizational policies, standards and strategy —
including regulatory, contractual, and business objectives.

A

information/data governance

2
Q

Refers to who is managing the data.

A

Custodianship

3
Q

This is frequently tied to compliance and affects cloud destinations and handling requirements.

A

Information Classification

4
Q

These tie to classification, and the cloud needs to be added if you have them. They should also cover the different SPI tiers, since sending data to a SaaS vendor versus building your own IaaS app is very different.

A

Information Management Policies

5
Q

Your organization is always responsible for data and information, and that can’t be abrogated when moving to the cloud.

A

Ownership

6
Q

______ is a sum of regulatory requirements, contractual obligations, and commitments to customers (e.g. public statements).

A

Privacy

7
Q

________ are the tool to implement data governance.

A

Security controls

8
Q

_______ is the generation of new digital content, or the alteration/updating/modifying of existing content.

A

Create

9
Q

_________ is the act of committing the digital data to some sort of repository and typically occurs nearly simultaneously with creation.

A

Store

10
Q

Data is viewed, processed, or otherwise _____ in some sort of activity, not including modification.

A

Use

11
Q

Information is made accessible to others, such as between users, to customers, and to partners.

A

Share

12
Q

Data leaves active use and enters long-term storage.

A

Archive

13
Q

Data is permanently destroyed using physical or digital means (e.g., _______).

A

cryptoshredding

14
Q

This can be illustrated by thinking of the lifecycle not as a single, linear operation, but as a series of smaller lifecycles running in different operating environments. At nearly any phase, data can move into, out of, and between these environments.

A

Locations

15
Q

When users know where the data lives and how it moves, they need to know who is accessing it and how. There are two factors here:
* Who accesses the data?
* How can they access it (device and channel)?

A

Entitlements

16
Q

_______ the data, including creating, copying, file transfers, dissemination, and other exchanges of information.

A

Read

17
Q

Perform a transaction on the data; update it.

A

Process

18
Q

Hold the data (in a file, database, etc.).

A

Store

19
Q

An ______ (person, application, or system/process, as opposed to the access device) performs each function in a location.

A

actor

20
Q

_______ restricts a list of possible actions down to allowed actions. The table below shows one way to list the possibilities, which the user then maps to controls.

A

Controls

21
Q

Ensure information ________ policies and practices extend to the cloud. This will be done through contractual and security controls.

A

governance