Section 2: Data Considerations Flashcards

1
Q

CIA Triad

A

o Confidentiality
▪ Preventing the disclosure of data or information to unauthorized people or systems
▪ How secure is the information, and how secure does that information need to be?
▪ Confidentiality fails if someone can obtain and view the data that we are attempting to protect
o Integrity
▪ Deals with protecting data from unauthorized modifications or data corruption
▪ How correct is the information, and has the data been modified during retrieval, in transit, or in storage?
▪ Integrity fails if someone can modify the data during its retrieval, transferal, or while it is being stored
o Availability
▪ Deals with ensuring that the data is accessible when and where it is needed
▪ How much uptime is the system providing, and is the data always accessible by the end users?
▪ Availability fails if the end user cannot access the data when they need it

2
Q

Recovery Point Objective (RPO)

A

Recovery Point Objective (RPO)
▪ The maximum amount of time that can be lost after a recovery from a disaster, failure, or comparable event

3
Q

Data Destruction: Removal vs Destruction vs Sanitization

A

o Data Removal
▪ A generic term that refers to any process that deletes or makes some form of data inaccessible (Right click, delete)

o Data Destruction
▪ A step further than data removal that makes an effort to destroy the underlying data

o Data Sanitization
▪ A step further than data destruction, it performs a verification function to ensure the data has been wiped and is no longer accessible

4
Q

Data Ownership Roles

A

● Data Owner
o A senior executive role that is mainly responsible for maintaining the confidentiality, integrity, and availability of the information asset

● Data Steward
o Focused on the quality of the data and the associated metadata

● Data Custodian
o Responsible for handling the management of the system where data assets are stored (Example: System Admin)

● Privacy Officer
o A role that is responsible for the oversight of any kind of privacy-related data
o Make sure that we are complying with the legal and regulatory frameworks
o Make sure that we have the right purpose, limitations, and consent
o Ensure that the organization is properly performing data minimization, data sovereignty, data retention, and data destruction
