Technical Data and Privacy Controls Flashcards
An access control model can be applied to any type of data or software resource
o File system security
o Network security
o Database security
Access Controls
Incorrect permissions allocated to a resource can cause a data breach
o Windows
o Linux
File System Permissions
A command-line tool for showing and modifying file permissions
▪ N – No access
▪ F – Full access
▪ R – Read-only
▪ RX – Read and execute
▪ M – Modify
▪ W – Write
▪ D – Delete
icacls
The ability to access and view the contents of a file or list the contents
of a directory
Read (r)
The ability to save changes to a file, or create, rename, and delete files
in a directory
(deleting requires execute)
Write (w)
The ability to run a script, program, or other software file, or the ability
to access a directory, execute a file from that directory, or perform a
task on that directory
Execute (x)
These permissions determine what the file’s owner can do with the file
Owner Permissions
These permissions determine what members of the file’s group who are
not its owner can do with the file
Group Permissions
These permissions determine what users who are not the file’s owner
or members of its group can do with the file
World or Other Permissions
A Linux command that is used to modify permissions for files
chmod
A Linux command that is used to modify the owner of a file
chown
Inactive data that is stored physically in any digital form
Data at Rest
Data that is actively being transmitted over a network
Data in Transit (or Data in Motion)
Active data that is stored in a non-persistent digital state, typically in
computer random-access memory (RAM), CPU caches, or CPU registers
Data in Use
A software solution that detects and prevents sensitive information from being
stored on unauthorized systems or transmitted over unauthorized networks
▪ Policy server
▪ Endpoint agents
▪ Network agents
Data Loss Prevention
A rule based on a confidentiality classification tag or label attached to
the data
Classification
A set of patterns that should be matched
Dictionary
A template that contains dictionaries optimized for the data points in a
regulatory or legislative schema
Policy Template
A structured database of string values to match
Exact Data Match (EDM)
Matching of an entire or partial document, based on hashes of its content
Document Matching
A further refinement of partial document matching is to use machine
learning to analyze a range of data sources
Statistical/Lexicon
Methods and technologies that remove identifying information from data before
it is distributed
Deidentification
A deidentification method where generic or placeholder labels are substituted for
real data while preserving the structure or format of the original data
Data Masking
A deidentification method where a unique token is substituted for real data
Tokenization
A deidentification technique where data is generalized to protect the individuals
involved
Aggregation/Banding
An attack that combines a deidentified dataset with other data sources to
test how secure the deidentification method used actually is
Reidentification
Copyright protection technologies for digital media that attempt to mitigate
the risk of unauthorized copies being distributed
Digital Rights Management (DRM)
Methods and technologies that apply a unique anti-tamper signature or message
to a copy of a document
Watermarking
A digital watermark that can defeat attempts at removal by cropping pages or
images in the file
Forensic Watermark