Section 5.5 Privacy and Sensitive data concepts in relation to security Flashcards
What concept relates to the control one has over their Personal Identifiable Information (PII) and it’s use and handling?
Privacy
What concept relates to how Personal Identifiable Information (PII) is protected?
Security
What report shows the cost of data breaches and how security controls affected those losses?
Cost of a Data Breach Report
What report is used during the risk assessment process to assess the impact to the organization of a breach of private or sensitive data to better understand the ramifications and help justify the measures to protect it?
Privacy Impact Assessment (PIA)
The potential impact is ________ if the loss of confidentiality, integrity, or availability could be expected to have limited adverse effects on organizational operations, organizational assets, or individuals.
Low
The potential impact is _________ if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
Moderate
The potential impact is _________ if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
High
Notification of breaches can be costly due to what?
The number of people that have to be notified, either for decision making (upper management, stakeholders…) or for being affected (customers)
What chooses the security that is associated with data?
The type of data
What data type is any information, regardless of form or format, that an organization, discloses, disseminates, or makes available to the public?
Public Data
What data type is all information that is not meant to be publicly disclosed or disseminated?
Private Data
What data type is information that is privileged and requires special access to view or process?
Sensitive Data
What data type is information subject to restricted access, whether regarding and individual or a company. Used interchangeably with sensitive data?
Confidential Data
What data type is information whose loss, misuse, disclosure, unauthorized access, or modification would have a debilitating impact on the organization?
Critical Data
What data type is information that, if disclosed, could harm a business’s interests, often through loss of a corporate advantage?
Proprietary Data