Policies and Procedures Flashcards

1
Q

Under the data ownership model, who is responsible for maintaining the confidentiality, integrity and availability of the asset, along with labeling the asset and ensuring that it is protected with the appropriate controls?

A

Data Owner

2
Q

Under the data ownership model, who is focused on the quality of the data and associated metadata?

A

Data Steward

3
Q

Under the data ownership model, who is responsible for managing the system on which the data assets are stored? Also considered a system administrator.

A

Data Custodian

4
Q

Under the data ownership model, who is responsible for the oversight of any PII / SPI / PHI assets managed by the organization?

A

Privacy Officer

5
Q

What is PII? Give some examples

A

Data that can be used to identify a person. Full name, driver's license, SSN, DOB, biometric data

6
Q

What is PHI? Give examples

A

Personal health information. Medical records

7
Q

What is PCI/DSS?

A

Payment Card Industry Data Security Standard. Anything involving credit cards and payment information

8
Q

What is de-identification?

A

Methods and technology that remove identifying info from data before it is distributed

9
Q

What is data masking?

A

Generic or placeholder labels that are substituted for real data. An example would be replacing credit card digits with *

10
Q

What is tokenization?

A

Using tokens as a substitute for real data

11
Q

What is aggregation/banding?

A

When data is generalized to protect the individual involved

12
Q

What is a re-identification attack?

A

An attack that combines a de-identified data set with other data sources to discover how secure the de-identification method used is

13
Q

What is asset disposal and what is the need for it?

A

Disposing of an asset whenever it is no longer needed

14
Q

What is degaussing?

A

When the hard drive is exposed to a powerful magnetic field that causes the data to be wiped from the drive

15
Q

What is data purging?

A

Removing data in a way that it cannot be reconstructed using any known forensic techniques

16
Q

What is data clearing?

A

Removing the data with a certain amount of assurance that it cannot be reconstructed. Can still be reconstructed using forensic procedures

17
Q

A type of agreement that specifies generic terms to simplify the negotiation of future contracts between the signing parties is called:

A

MSA - Master Service Agreement

18
Q

General document established between two or more parties to define their respective responsibilities and expectations in accomplishing a particular goal or mission?

A

MOU/MOA - Memorandum of Understanding/Memorandum of Agreement