Domain 5 - Information Governance

Question 1

True/False: The primary goal of information security is to protect the fundamental data that powers our systems
and applications

Answer 1

The primary goal of information security is to protect the fundamental data that powers our systems
and applications

Question 2

This refers to ensuring the use of data and information complies with organizational policies, standards and strategy — including regulatory, contractual, and business objectives.

Answer 2

Information/Data Governance

Question 3

True/False:Information governance includes the corporate structures and controls we use to ensure we handle data in accordance with our goals and requirements.

Answer 3

True

Question 4

What are the aspects or factors impacting information/data governance when storing data in the cloud?

Answer 4

• Multi-tenancy
• Shared Security Responsibility
• Jurisdictional boundaries and sovereignty
• Compliance, regulations and privacy policies
• Destruction and removal of data

Question 5

______ , as the name says, is about who owns the data while _________ refers to who is managing the data

Answer 5

Ownership, Custodianship

Question 6

What are the governance domains affected by Cloud Computing?

Answer 6

• Information Classification
• Information Management Policies
• Location and Jurisdiction Policies
• Authorisations
• Ownership and Custodianship
• Privacy
• Contractual Controls
• Security Controls

Question 7

_______ is a sum of regulatory requirements, contractual obligations, and commitments
to customers (e.g. public statements). You need to understand the total requirements and
ensure information management and security policies align.

Answer 7

Privacy

Question 8

______ is your legal tool for extending governance requirements to a third
party, like a cloud provider

Answer 8

Contractual Controls

Question 9

_______ are the tool to implement data governance. They change significantly in cloud computing.

Answer 9

Security controls

Question 10

True/False: Information Lifecycle Management is a fairly mature field, it does map well to the
needs of security professionals

Answer 10

False. Life cycle mamangement doesn’t map well to the needs of security professionals

Question 11

______ is simply a tool to help understand the security boundaries and controls around data. It’s not meant to be used as a rigorous tool for all types of data. It’s a modeling tool to help evaluate data security at a high level and find focus points.

Answer 11

Data Security Lifecycle

Question 12

What are the six phases of Data Security Lifecycle?

Answer 12

• Create
• Store
• Use
• Share
• Archive
• Destroy

Question 13

True/False. The data security lifecycle represents the phases information passes through but doesn’t address its location or how it is accessed.

Answer 13

True

Question 14

In data security lifecycle, this refers to who and how of accessing data

Answer 14

Entitlement

Question 15

True/False: Data is accessed and stored in multiple locations, each with its own lifecycle.

Answer 15

True

Question 16

What are the three things (functions) we can do with Data in data securty lifecycle?

Answer 16

• • Read. View/read the data, including creating, copying, file transfers, dissemination, and other
exchanges of information.
• • Process. Perform a transaction on the data; update it; use it in a business processing transaction, etc.
• • Store. Hold the data (in a file, database, etc.).

Question 17

In information/data lifecycle, \_\_\_\_\_ refers to (person, application, or system/process, as opposed to the access device) who performs each
function in a location while \_\_\_\_\_\_\_  restricts a list of possible actions down to allowed actions.

Answer 17

Actor

Control

Question 18

True/False :Instead of lifting and shifting existing information architectures take the opportunity of the
migration to the cloud to re-think and re-structure what is often the fractured approach used
in existing infrastructure.

Answer 18

True. Don’t bring bad habits.