Policies and Procedures Flashcards
Under the data ownership model, who is responsible for maintaining the confidentiality, integrity and availability of the asset, along with labeling the asset and ensuring that it is protected with the appropriate controls?
Data Owner
Under the data ownership model, who is focused on the quality of the data and associated metadata?
Data Steward
Under the data ownership model, who is responsible for managing the system on which the data assets are stored? Also considered a system administrator.
Data Custodian
Under the data ownership model, who is responsible for the oversight of any PII / SPI / PHI assets managed by the organization?
Privacy Officer
What is PII? Give some examples
Data that can be used to identify a person. Full name, driver's license, SSN, DOB, biometric data
What is PHI? Give examples
Personal health information. Medical records
What is PCI/DSS?
Payment Card Industry Data Security Standard. Anything involving credit cards and payment information
What is de-identification?
Methods and technology that remove identifying info from data before it is distributed
What is data masking?
Generic or placeholder labels that are substituted for real data. An example would be replacing credit card digits with *
What is tokenization?
Using tokens as a substitute for real data
What is aggregation/banding?
When data is generalized to protect the individual involved
What is a re-identification attack?
An attack that combines a de-identified data set with other data sources to discover how secure the de-identification method used is
What is asset disposal and what is the need for it?
Disposing of an asset whenever it is no longer needed
What is degaussing?
When the hard drive is exposed to a powerful magnetic field that causes the data to be wiped from the drive
What is data purging?
Removing data in a way that it cannot be reconstructed using any known forensic techniques