Security And the Information Life Cycle Flashcards
Information Life Cycle
Security involved at every phase Data collection.
- Consent
Implementation depends on regulations/standards.
What are the Life cycle phases?
Collect, Store, Process, Share, Archive
Personally, Identifiable Information (PII)
One or more pieces of sensitive information that can be traced back to an individual.
-Social security number
-Email address
-Credit card number
-Home address
-Web browser cookie containing sensitive session identifiers.
What is Protected Health Information (PHI)?
One or more pieces of sensitive medical information that can be traced back to an individual.
-Health insurance plan number
-Blood type
-Patient medical ailments
What are Privacy-Enhancing Technologies
-Anonymization
-The GDPR allows anonymized data collection and use without user consent.
-Anonymized data has limited marketing value
Anonymization Techniques
Pseudo-anonymization - Replace PII with fake identifiers.
Data minimization - Limit stored/retained sensitive data.
Tokenization - A digital token authorizes access instead of the original credentials.
Data Masking - Hide sensitive data from unauthorized users. Masked out credit card numbers digits on receipt
Data Sovereignty
Location of data and laws that apply to it
-Where did the data originate?
-Where does the data reside?
-Which laws/regulations apply to the data?
Data Destruction
Paper, film, magnetic tape.
Burning, pulping, Shredding(pulverizing)
Digital Data Destruction
Failed or decommissioned storage devices storage device end-of-life policies.
Reuse? donate? destroy?
update asset inventory
Digital Media Sanitization
Data is still recoverable. deleted files, repartitioned or reformatted drives.
Disk wiping tools - SSD and HD multiple pass disk overwrites. HD only degaussing.
Cryptographic erasure
-Destroy storage media decryption key
-Self-encrypting drives (SEDs)
