Section 5.5 Privacy and Sensitive data concepts in relation to security Flashcards
What concept relates to the control one has over their Personally Identifiable Information (PII) and its use and handling?
Privacy
What concept relates to how Personally Identifiable Information (PII) is protected?
Security
What report shows the cost of data breaches and how security controls affected those losses?
Cost of a Data Breach Report
What report is used during the risk assessment process to assess the impact to the organization of a breach of private or sensitive data to better understand the ramifications and help justify the measures to protect it?
Privacy Impact Assessment (PIA)
The potential impact is ________ if the loss of confidentiality, integrity, or availability could be expected to have limited adverse effects on organizational operations, organizational assets, or individuals.
Low
The potential impact is _________ if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
Moderate
The potential impact is _________ if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
High
Notification of breaches can be costly due to what?
The number of people that have to be notified, either for decision making (upper management, stakeholders…) or for being affected (customers)
What determines the security that is associated with data?
The type of data
What data type is any information, regardless of form or format, that an organization discloses, disseminates, or makes available to the public?
Public Data
What data type is all information that is not meant to be publicly disclosed or disseminated?
Private Data
What data type is information that is privileged and requires special access to view or process?
Sensitive Data
What data type is information subject to restricted access, whether regarding an individual or a company, and is used interchangeably with sensitive data?
Confidential Data
What data type is information whose loss, misuse, disclosure, unauthorized access, or modification would have a debilitating impact on the organization?
Critical Data
What data type is information that, if disclosed, could harm a business’s interests, often through loss of a corporate advantage?
Proprietary Data
What do you call information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual?
Personally Identifiable Information (PII)
Organizations use DLP tools across an enterprise for what?
To minimize the ways in which private and sensitive data are extracted
What do you call the process of reducing sensitive or private data to only what is needed?
Data minimization
What do you call the process of using privacy enhancing technologies to make the data anonymous?
Anonymization
What do you call the process of using privacy enhancing technologies to obfuscate the data?
Data Masking
What do you call the process of using privacy enhancing technologies to substitute tokens in lieu of the data itself?
Data Tokenization
Whose job is it to set the policies and procedures for the handling and dissemination of data? They also approve how the data is connected in any way.
Data Steward
Whose job is it to determine what data will be collected and how it is used?
Data Controller
Whose job is it to process the data in accordance with the data controller’s requirements?
Data Processor
Who is responsible for ensuring that there is a data privacy strategy and that its implementation meets requirements?
Data Protection Officer
The first step to preventing a breach of private or sensitive data is to what?
Catalog the data, how it’s processed, and where it’s stored.