Asset Security

Question 1

Why classify assets and data?

Answer 1

• determine how much time and effort should be spent protecting assets and data

Question 2

FIPS

Answer 2

• FIPS PUB 199
• Federal Information Processing Standards Publication
• standards for security categorization of federal information and information systems
• Security categorization is based on CIA for each information type
• Confidentiality: how bad is it if data is accessed by unauthorized person
• Integrity: how bad is it if the data is altered
• Availability: how bad is it if the data is destroyed
• Ranking system: high impact, moderate, low for each are of CIA

Question 3

What are the national security classifications of information?

Answer 3

• Top Secret: if disclosed would cause grave danger to national security
• Secret: cause serious damage to national security
• Confidential: cause damage to national security

Question 4

SBU

Answer 4

• sensitive but unclassified

Question 5

SSI

Answer 5

• sensitive security information

Question 6

CUI

Answer 6

• controlled unclassified information

Question 7

Proprietary

Answer 7

• data represented as intellectual property

Question 8

Confidential

Answer 8

• only for internal use

Question 9

Public

Answer 9

• free to distribute publicly

Question 10

Owner of data

Answer 10

• responsible for creating policy and guidance for data
• assign values to the asset/data
• classify the asset/data
• authorize access to asset/data

Question 11

Custodians of data

Answer 11

• implement controls and protections for data based on classification and policy
• manage, monitor, and report on data

Question 12

SAM

Answer 12

• software asset management
• document what is in use and where in use
• audit to verify compliance/licensing
• report and correct any problems with licensing

Question 13

Hardware Inventory Mangement

Answer 13

• document what is in use and where it is in use
• ## track (by MAC) from onboard of hardware all the way to disposal

Question 14

What is the first step of Configuration Mangement?

Answer 14

• getting a baseline config (bc)

- BC is a security configuration profile

Question 15

How do you monitor changes in Configuration Management?

Answer 15

• change control process

- change advisory board that approves the change

Question 16

What are examples of PII?

Answer 16

• social security number
• driver’s license number
• passport number
• credit card number

Question 17

PHI

Answer 17

• protected health information

-

Question 18

What are examples of privacy regulations?

Answer 18

• GDPR

- HIPPA

Question 19

COPPA

Answer 19

• Children’s Online Privacy Protection Rule

- rules about collecting online data regarding inviduals who are under 13 years of age

Question 20

PIA

Answer 20

• Privacy Impact Assessment

- defines how an organization collects personal data, how it is stored, how it is shared

Question 21

PTA

Answer 21

• Privacy Threshold Assessment

- same questions as PIA

Question 22

GLBA

Answer 22

• Gramm-Leach-Billey Act

- Financial information