Non-technical Data and Privacy Controls Flashcards
The process of managing information over its life cycle from creation to
destruction
Data Governance
The process of applying confidentiality and privacy labels to information
Data Classification
No restrictions on viewing the data and it presents no risk to
the organization if disclosed to the public at large
Unclassified
Viewing is restricted to authorized persons within the owner
organization or to third parties under a non-disclosure
agreement
Classified
Highly sensitive data that is for viewing only by approved
persons within the organization (and possibly by trusted third
parties under NDA)
Confidential
Information that is valuable and must be protected by severely
restricting its viewing
Secret
Information that would cause grave danger if inadvertently
disclosed
Top Secret
The downgrading of a classification label over time due to the information no
longer requiring the additional security protections provided by that classification
Declassification
A tag or label to identify a piece of data under a subcategory of a classification
Data Type
The organization of information into preset structures or specifications
Data Format
The location of data within a processing system
▪ Data at rest
▪ Data in motion
▪ Data in use
Data State
Any type of information or asset should consider how a compromise of that information can threaten the three core security attributes of the CIA triad
Legal Requirements
Security controls focus on the CIA attributes of the processing system
Privacy versus Security
A data governance requirement that arises when collecting and processing
personal data to ensure the rights of the subject’s data
Privacy
Personal data cannot be collected, processed, or retained without the individual’s
informed consent
General Data Protection Regulation (GDPR)