Domain 5 - Information Governance Flashcards

1
Q

True/False: The primary goal of information security is to protect the fundamental data that powers our systems and applications.

A

The primary goal of information security is to protect the fundamental data that powers our systems and applications

2
Q

This refers to ensuring the use of data and information complies with organizational policies, standards and strategy — including regulatory, contractual, and business objectives.

A

Information/Data Governance

3
Q

True/False: Information governance includes the corporate structures and controls we use to ensure we handle data in accordance with our goals and requirements.

A

True

4
Q

What are the aspects or factors impacting information/data governance when storing data in the cloud?

A
  • Multi-tenancy
  • Shared Security Responsibility
  • Jurisdictional boundaries and sovereignty
  • Compliance, regulations and privacy policies
  • Destruction and removal of data
5
Q

______, as the name says, is about who owns the data, while _________ refers to who is managing the data.

A

Ownership, Custodianship

6
Q

What are the governance domains affected by Cloud Computing?

A
  • Information Classification
  • Information Management Policies
  • Location and Jurisdiction Policies
  • Authorisations
  • Ownership and Custodianship
  • Privacy
  • Contractual Controls
  • Security Controls
7
Q

_______ is a sum of regulatory requirements, contractual obligations, and commitments to customers (e.g. public statements). You need to understand the total requirements and ensure information management and security policies align.

A

Privacy

8
Q

______ is your legal tool for extending governance requirements to a third party, like a cloud provider.

A

Contractual Controls

9
Q

_______ are the tool to implement data governance. They change significantly in cloud computing.

A

Security controls

10
Q

True/False: Information Lifecycle Management is a fairly mature field, and it maps well to the needs of security professionals.

A

False. Lifecycle management doesn’t map well to the needs of security professionals.

11
Q

______ is simply a tool to help understand the security boundaries and controls around data. It’s not meant to be used as a rigorous tool for all types of data. It’s a modeling tool to help evaluate data security at a high level and find focus points.

A

Data Security Lifecycle

12
Q

What are the six phases of Data Security Lifecycle?

A
  • Create
  • Store
  • Use
  • Share
  • Archive
  • Destroy
13
Q

True/False. The data security lifecycle represents the phases information passes through but doesn’t address its location or how it is accessed.

A

True

14
Q

In the data security lifecycle, this refers to the who and how of accessing data.

A

Entitlement

15
Q

True/False: Data is accessed and stored in multiple locations, each with its own lifecycle.

A

True

16
Q

What are the three things (functions) we can do with data in the data security lifecycle?

A

  • Read. View/read the data, including creating, copying, file transfers, dissemination, and other exchanges of information.
  • Process. Perform a transaction on the data; update it; use it in a business processing transaction, etc.
  • Store. Hold the data (in a file, database, etc.).

17
Q

In the information/data lifecycle, _____ refers to the person, application, or system/process (as opposed to the access device) that performs each function in a location, while _______ restricts a list of possible actions down to allowed actions.

A

Actor

Control

18
Q

True/False: Instead of lifting and shifting existing information architectures, take the opportunity of the migration to the cloud to re-think and re-structure what is often the fractured approach used in existing infrastructure.

A

True. Don’t bring bad habits.