Protecting Data Flashcards

1
Q

Organizational Data

A

Data is the lifeblood of many organizations. It’s everywhere: on a storage drive, on the network, in a CPU. Protecting the data requires security policies and encryption. It must also be controlled through user access/permissions.

2
Q

Data Sovereignty

A

Data that resides in a country is subject to the laws of that country. Legal monitoring, court order, etc. Laws may prohibit where data is stored.

3
Q

Data Masking

A

“Data obfuscation” - Hiding some of the original data; think about credit cards: ***8888. It protects personal information. The data may still be in the system, but viewing it is controlled through permissions. There are different techniques: substituting, shuffling, encrypting, masking out, etc.

4
Q

Encrypting Data

A

Original information is called “plaintext”. Encrypted is called “ciphertext”. If you have the proper key, they can be converted into one or the other. Encrypted data is meant to confuse as part of the encryption mechanism.

5
Q

Diffusion

A

If you change one character of the input, the ciphertext completely changes.

6
Q

Data at-rest

A

The data on a storage device is called Data At-Rest. Any data stored on a hard drive, SSD, flash drive, etc. is data at-rest. Some of these storage devices may be entirely encrypted. It could be whole disk encryption, database encryption, or file or folder level encryption. Permissions should be applied to the data to ensure that only authorized users can access the data.

7
Q

Data in-transit

A

Also known as data in-motion. This is data transmitted over the network. Data is moving between switches, routers, and different devices. Often the data is allowed using a firewall or intrusion prevention system (IPS). The data may be encrypted in transit via Transport Layer Security (TLS) or Internet Protocol Security (IPsec).

8
Q

Data in-use

A

Data is actively being processed in memory (system RAM, CPU registers, and cache). The data is almost always decrypted. Attackers can pick the decrypted info out of RAM.

9
Q

Tokenization

A

Replaces sensitive data with a non-sensitive placeholder.
- SSN 266-12-1112 converted to appear as 681-61-8539.
This is a common process used with credit card processing. It uses a temporary token during payment. The attacker captures a token that won't be able to be used later. This is not encryption or hashing. This process is completed using a third-party Remote Token Service Server. The card is registered with the service server, the server sends a token to the device (mobile phone), and the token is used during checkout. The checkout system is also already in communication with the remote token service server and is able to take the token and verify it with the server.

10
Q

Information Rights Management (IRM)

A

Microsoft Office documents or PDFs that are “read only” or unable to make changes. The idea is simply to restrict access to unauthorized persons. Can prevent copy and paste, control screenshots, printing, restrict editing.
