Data Lifecycle, Controls, & Compliance Flashcards

(39 cards)

1
Q

What does RBAC stand for in data roles?

A

Role-Based Access Control

RBAC is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise.

2
Q

Who typically oversees data in a specific zone or admin domain?

A

Data Owner

A Data Owner is responsible for ensuring that information is properly maintained across platforms and business processes.

3
Q

What are the primary activities of a Data Owner?

A
  • Compiling and approving data glossaries, schema, and definition sets
  • Managing functions relevant to data quality and accuracy
  • Certifying information used inside and outside of the organization
  • Appraising and approving a master data management (MDM) strategy
  • Resolving issues with other data owners

These activities ensure the proper management and governance of data assets.

4
Q

What is the role of Data Custodians?

A

Controller of the data

Data Custodians develop and maintain technical and security controls for data collections.

5
Q

What do Data Stewards focus on?

A

Managing quality of the data sets

Data Stewards are customer-focused and serve as Subject Matter Experts (SMEs) regarding the importance of information.

6
Q

Fill in the blank: Data users and processors perform ______ as part of their job roles.

A

raw data input and batch jobs

7
Q

What is involved in the Collection Phase of data management?

A
  • Collecting data from various sources
  • Data creation, acquisition, or entry
  • Handling structured, semi-structured, and unstructured data

This phase includes legal and accurate data collection.

8
Q

What defines the Location Phase in data management?

A

Storage of data in object/volume, file, and/or object storage

This phase is optional but critical for visibility into data locations.

9
Q

What is the GDPR concept related to data maintenance?

A

Data minimization

Data minimization ensures only necessary data is maintained.

10
Q

What are the methods included in data maintenance?

A
  • Encryption
  • Wrangling
  • Compression
  • Processing and analysis

These methods help in managing the utility and quality of data.

11
Q

What does data retention refer to?

A

Long-term archiving of data

Data retention is guided by best practices, policies, and regulations.

12
Q

What is data remanence?

A

Remnants or artifacts of data that could be recovered after deletion

Data remanence poses risks of unauthorized access to sensitive information.

13
Q

What is the End of Life (EOL) in the context of data?

A

When the utility of data expires and it is discarded or destroyed

EOL signifies that the data is no longer useful to the organization.

14
Q

What does physical security in data destruction involve?

A

Disposition or destruction of physical media

This is crucial for ensuring confidentiality.

15
Q

What are the three options for destroying data?

A
  • Overwriting or crypto-shredding
  • Physical destruction
  • Degaussing or wiping

These methods ensure that data cannot be recovered after deletion.

16
Q

What is data scoping?

A

Deciding the boundaries within which certain data or controls apply

This process helps in defining the limits of data governance.

17
Q

What does data tailoring involve?

A

Customizing security controls to match organizational requirements

Data tailoring ensures that security measures fit the specific needs of the organization.

18
Q

What are the 6 Phases of the Data Life Cycle?

A
  1. Creation / Collection - Data is generated or collected from internal or external sources. Ensure accuracy, validate inputs, apply classification, obtain consent if personal data.
  2. Storage / Retention - Data is stored in databases, file systems, or cloud environments. Encrypt at rest, access control, backup, secure physical and logical storage.
  3. Usage / Processing - Data is actively accessed, modified, or processed. Access control, logging, secure applications, prevent unauthorized modifications.
  4. Sharing / Transmission - Data is transmitted internally or externally. Encrypt in transit (TLS/SSL, VPN), ensure integrity, authenticate recipients.
  5. Archival - Data is moved to long-term storage for retention or compliance purposes. Ensure secure storage, restrict access, maintain integrity over time, comply with retention policies.
  6. Disposal / Destruction - Data is securely destroyed when no longer needed. Wipe digital media, shred physical media, sanitize devices, document disposal for compliance.

19
Q

What is Data at Rest?

A

Data stored on any medium (disk, database, file, cloud storage) that is not actively moving.

Security considerations include encryption at rest (AES, disk encryption), access control (RBAC, DAC, MAC), physical security, and backup and redundancy.

20
Q

What is Data in Transit (Data in Motion)?

A

Data being transmitted across networks or between systems.

Security considerations include encryption in transit (TLS/SSL, VPN), integrity checks (hashes, digital signatures), secure communication protocols, and network monitoring / IDS.

21
Q

What is Data in Use?

A

Data currently being processed in memory (RAM, CPU cache) or actively accessed by applications.

Security considerations include memory protection / encryption, secure application controls, endpoint security, and minimizing exposure to unauthorized access.

22
Q

What is Digital Rights Management (DRM)?

A

DRM is access-control technology that protects licensed and copyrighted digital intellectual property or IP.

23
Q

Who uses DRM?

A

DRM is used by publishers, manufacturers, content producers, and owners of intellectual property for digital content and device monitoring.

24
Q

What types of media does DRM protect?

A

DRM protects copyrighted digital music files, apps, software programs, films, documentaries, TV shows, games, and other media such as sporting events.

25
Q

What is Data Loss Prevention (DLP)?

A

DLP is a collection of hardware and software tools and programs that help safeguard sensitive data, intellectual property, personal health, and identifiable information from being leaked, lost, tainted, stolen, or read by unauthorized users.

26
Q

What is Data Loss Prevention (DLP)?

A

A collection of hardware and software tools that help safeguard sensitive data, intellectual property, personal health, and identifiable information from being leaked, lost, tainted, stolen, or accessed by unauthorized users.

27
Q

What are the three forms of DLP protection?

A
  • Network DLP
  • Endpoint DLP
  • Cloud-based DLP

28
Q

What is Network DLP?

A

Monitors and controls data moving across the network.

Example: Blocking unencrypted credit card numbers in outgoing emails.

29
Q

What is Endpoint DLP?

A

Monitors and controls data on end-user devices.

Example: Preventing copying of sensitive files to USB drives.

30
Q

What is Storage / Discovery DLP?

A

Scans databases, file shares, and cloud storage for sensitive data.

Example: Identifying unencrypted files containing PII, PHI, or intellectual property.

31
Q

What is Cloud / SaaS DLP?

A

Protects data stored and shared in cloud applications.

Example: Monitoring and controlling sensitive files in Office 365, Google Workspace, or Dropbox.

32
Q

What is CASB?

A

A security policy enforcement point that sits between cloud service users and cloud applications.

33
Q

What is the purpose of CASB?

A

Provide visibility, control, and protection for data and activity in cloud services.

34
Q

What is a use case for CASB?

A

Helps organizations secure SaaS, PaaS, and IaaS environments, ensuring compliance and preventing data breaches.

35
Q

What are the four pillars of CASB?

A

CASB capabilities are often categorized into four main pillars: Visibility, Compliance, Data Security, and Threat Protection.

36
Q

What does the Visibility pillar of CASB provide?

A

Provides insight into cloud application usage and user activity.

Example controls include discovering unsanctioned apps, monitoring login patterns, and tracking data sharing.

37
Q

What does the Compliance pillar of CASB ensure?

A

Ensures cloud services comply with regulations and internal policies.

Example controls include enforcing GDPR, HIPAA, PCI-DSS, and ISO 27001 requirements, and producing audit reports.

38
Q

What is the function of the Data Security pillar of CASB?

A

Protects sensitive data in the cloud.

Example controls include encryption, tokenization, data loss prevention (DLP), and access control.

39
Q

What does the Threat Protection pillar of CASB do?

A

Detects and mitigates security threats in cloud environments.

Example controls include malware detection, account takeover detection, anomaly detection, and behavioral analytics.