Security Architecture 3.3 Flashcards
Data Types - Regulated
Credit card information
Managed by third-party
Government laws, regulations.
Data Types - Trade secrets
An organisation's secret formulas
Often unique to an organisation.
Intellectual Property
May be publicly visible
Copyright and trademark law.
Data types - Legal information
Court records and documents
PII and other sensitive details
Usually stored in many different systems
Data types - Financial Information
Internal company financial details
Customer financials
Payment records
Credit card data, bank records.
Human readable / Non-human readable
Non-human-readable - Barcodes, encoded data, images, QR codes
Human-readable - Plain text or numbers that humans can read.
Hybrid
Classifying sensitive data
Some data may have different levels of classification.
Different levels require different security and handling
- Additional permission
- A different process to view
- Restricted network access.
Data classifications - Proprietary
Proprietary
Data that is the property of an organisation
May also include trade secrets
Often data unique to an organisation.
Data Classifications - PII
Personally Identifiable Information.
Data that can be used to identify an individual. Name, DOB, Biometric information.
Data classifications - PHI
Health information associated with an individual
Health status, health care records, payments for health care.
Data classifications with examples
Sensitive - Intellectual Property
Confidential - Very sensitive, must be approved to view
Public - No restrictions on viewing the data
Private - Restricted access, may require an NDA
Critical - Data that should always be available.
States of data - Data at rest.
Data stored on a storage device. - Hard Drive, SSD, Flash drive.
Encrypt data: whole disk, database encryption, or file- and folder-level encryption.
Apply Permissions
- Access control lists
- Only authorised users can access the data.
Data in transit
Should always be encrypted. Firewalls or IPS
Provide transport encryption
TLS (Transport Layer Security)
IPsec (Internet Protocol Security)
Data in Use
Data is actively being processed in memory. The data is almost always decrypted.
Data sovereignty
Data that resides in a country is subject to the laws of that country
Legal Monitoring, court orders.
Laws may prohibit where data is stored.