Section 5.5 Privacy and Sensitive data concepts in relation to security Flashcards

1
Q

What concept relates to the control one has over their Personally Identifiable Information (PII) and its use and handling?

A

Privacy

2
Q

What concept relates to how Personally Identifiable Information (PII) is protected?

A

Security

3
Q

What report shows the cost of data breaches and how security controls affected those losses?

A

Cost of a Data Breach Report

4
Q

What report is used during the risk assessment process to assess the impact to the organization of a breach of private or sensitive data to better understand the ramifications and help justify the measures to protect it?

A

Privacy Impact Assessment (PIA)

5
Q

The potential impact is ________ if the loss of confidentiality, integrity, or availability could be expected to have limited adverse effects on organizational operations, organizational assets, or individuals.

A

Low

6
Q

The potential impact is _________ if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.

A

Moderate

7
Q

The potential impact is _________ if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

A

High

8
Q

Notification of breaches can be costly due to what?

A

The number of people that have to be notified, either for decision making (upper management, stakeholders…) or for being affected (customers)

9
Q

What determines the security that is associated with data?

A

The type of data

10
Q

What data type is any information, regardless of form or format, that an organization discloses, disseminates, or makes available to the public?

A

Public Data

11
Q

What data type is all information that is not meant to be publicly disclosed or disseminated?

A

Private Data

12
Q

What data type is information that is privileged and requires special access to view or process?

A

Sensitive Data

13
Q

What data type is information subject to restricted access, whether regarding an individual or a company, and is used interchangeably with sensitive data?

A

Confidential Data

14
Q

What data type is information whose loss, misuse, disclosure, unauthorized access, or modification would have a debilitating impact on the organization?

A

Critical Data

15
Q

What data type is information that, if disclosed, could harm a business’s interests, often through loss of a corporate advantage?

A

Proprietary Data

16
Q

What do you call information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual?

A

Personally Identifiable Information (PII)

17
Q

Organizations use DLP tools across an enterprise for what?

A

To minimize the ways in which private and sensitive data are extracted

18
Q

What do you call the process of reducing sensitive or private data to only what is needed?

A

Data minimization

19
Q

What do you call the process of using privacy enhancing technologies to make the data anonymous?

A

Anonymization

20
Q

What do you call the process of using privacy enhancing technologies to obfuscate the data?

A

Data Masking

21
Q

What do you call the process of using privacy enhancing technologies to substitute tokens in lieu of the data itself?

A

Data Tokenization

22
Q

Whose job is it to set the policies and procedures for the handling and dissemination of data? They also approve how the data is connected in any way.

A

Data Steward

23
Q

Whose job is it to determine what data will be collected and how it is used?

A

Data Controller

24
Q

Whose job is it to process the data in accordance with the Data Controller’s requirements?

A

Data Processor

25
Q

Who is responsible for ensuring that there is a data privacy strategy and that its implementation meets requirements?

A

Data Protection Officer

26
Q

The first step to preventing a breach of private or sensitive data is to what?

A

Catalog the data, how it’s processed, and where it’s stored.