Security Architecture 3.3 Flashcards
Data Types - Regulated
Credit card information
Managed by third-party
Government laws, regulations.
Data Types - Trade secrets
An organisation's secret formulas
Often unique to an organisation.
Intellectual Property
May be publicly visible
Copyright and trademark law.
Data types - Legal information
Court records and documents
PII and other sensitive details
Usually stored in many different systems
Data types - Financial Information
Internal company financial details
Customer financials
Payment records
Credit card data, bank records.
Human readable / Non-human readable
Non-human readable - Barcodes, encoded data, images, QR codes
Human readable - Plain text or numbers that humans can read.
Hybrid
Classifying sensitive data
Some data may have different levels of classification.
Different levels require different security and handling
- Additional permission
- A different process to view
- Restricted network access.
Data classifications - Proprietary
Proprietary
Data that is the property of an organisation
May also include trade secrets
Often data unique to an organisation.
Data Classifications - PII
Personally Identifiable Information.
Data that can be used to identify an individual. Name, DOB, Biometric information.
Data classifications - PHI
Health information associated with an individual
Health status, health care records, payments for health care.
Data classifications with examples
Sensitive - Intellectual Property
Confidential - Very sensitive, must be approved to view
Public - No restrictions on viewing the data
Private - Restricted access, may require an NDA
Critical - Data that should always be available.
States of data - Data at rest.
Data stored on a storage device. - Hard Drive, SSD, Flash drive.
Encrypt data: whole disk, database encryption, or file and folder level encryption.
Apply Permissions
- Access control lists
- Only authorised users can access the data.
Data in transit
Should always be encrypted. Firewalls or IPS
Provide transport encryption
TLS (Transport Layer Security)
IPsec (Internet Protocol Security)
Data in Use
Data is actively being processed in memory. The data is almost always decrypted.
Data sovereignty
Data that resides in a country is subject to the laws of that country
Legal Monitoring, court orders.
Laws may prohibit where data is stored.
Geolocation
Can be used to manage data access, limit administrative tasks unless secure area is used.
Method to secure data - Geographic Restrictions
Identify based on IP subnet. Can be difficult with mobile phones.
Geolocation works with GPS to get an accurate location description.
Geofencing - Allowing or restricting based on a particular location.
Methods to secure data - encryption
Encode Information into unreadable data
Original information is plaintext encrypted to ciphertext.
Must be able to decrypt original data.
Methods to secure data - Hashing
Represent data as a string of text. Impossible to recover the original message from the hash.
Can be a digital signature - Authentication, non-repudiation.
Obfuscation - Methods to secure data
Make something normally understandable very difficult to understand.
Masking - Methods to secure data
A type of obfuscation to hide original data. Done on receipts.
Tokenisation
Replace sensitive data with a non-sensitive placeholder. There is no encryption or hashing algorithm, which lowers overhead.
Segmentation
Many organisations use a data source. One breach puts all of the data at risk. Separate the data into smaller pieces and store it in different locations.
Sensitive data should have stronger security. The most sensitive data must be most secure.
Permission restrictions
Control access to an account
The authentication process, password policies, authentication factor policies, other considerations.