Data Protection

Question 1

Data Sovereignty

Answer 1

• Information is subject to the laws and governance structures within the nation where it is collected

Question 2

Data Loss Prevention (DLP)

Answer 2

• Strategy for ensuring sensitive or critical information does not leave an organization

Question 3

Data Classification

Answer 3

• Category based on the organization’s value and the sensitivity of the information if it were to be disclosed

Question 4

Sensitive Data

Answer 4

• Any information that can result in a loss of security or a loss of advantage to a company if accessed by an unauthorized person

Question 5

Over classifying data leads to __________

Answer 5

• Protecting all data at a high level
• This means spending more time and resources to protect data that doesn’t need protection

Question 6

What are the two different classification schemes used by organizations to protect data?

Answer 6

• Commercial Business
• Government

Question 7

What are the five data classification for a commercial business?

Answer 7

1. Public
2. Sensitive
3. Private
4. Confidential
5. Critical

Question 8

Public Data Classification

Answer 8

• Has no impact on the company if released and is often posted in an open-sourced environment

Question 9

Sensitive Data

Answer 9

• Has minimal impact if released

EXAMPLE: Organization’s financial data

Question 10

Private Data

Answer 10

• Contains data that should only be used inside the organization

Question 11

Confidential Data

Answer 11

• Contains items such as trade secrets, intellectual property data, and source code that affect the business if disclosed

Question 12

Critical Data

Answer 12

• Contains valuable information

Question 13

What are the five data classification for a government?

Answer 13

1. Unclassified
2. Sensitive but classified
3. Confidential
4. Secret
5. Top secret

Question 14

Unclassified Data

Answer 14

• Data that can be released to the public or under the Freedom of Information Act

Question 15

Sensitive but classified

Answer 15

• Data that would not hurt national security if released but could impact those whose data is being used

Question 16

Confidential Data

Answer 16

• Data that could seriously affect the government if unauthorized disclosure happens

Question 17

Secret Data

Answer 17

• Data that could seriously damage national security if disclosed

Question 18

Top Secret Data

Answer 18

• Data that would damage national security if disclosed

Question 19

What is a typical lifestyle for data?

Answer 19

• Collect -> Retain -> Dispose

Question 20

Data Ownership

Answer 20

• Process of identifying the person responsible for the confidentiality, integrity, availability, and privacy of the information assets

Question 21

Data Owner

Answer 21

• Senior executive role that has the responsibility for maintaining the confidentiality, integrity, and availability of the information asset

Question 22

Data Controller

Answer 22

• Entity that holds responsibility for deciding the purposes and methods of data storage, collection, and usage, and for guaranteeing the legality of the process

Question 23

Data Processor

Answer 23

• Group or individual hired by the data controller to help with tasks like collecting, storing, or analyzing data

Question 24

Data Custodian

Answer 24

• Responsible for handling the management of the system on which the data assets are stored

Question 25

Data Steward

Answer 25

- Focused on the quality of the data and the associated metadata

Question 26

Data Privacy Officer

Answer 26

- Role that is responsible for the oversight of any kind of privacy-related data like, PII, SPI, or PHI

Question 27

What are the three data states?

Answer 27

1. Data at rest 2. Data in transit 3. Data in use

Question 28

Data at rest

Answer 28

- Refers to any data stored in databases, file systems, or other storage systems

Question 29

Full Disk Encryption (FDE)

Answer 29

- Method used when data is at rest - Encrypts entire hard drive

Question 30

Partition Encryption

Answer 30

- Method used when data is at rest - Encrypts specific partitions of a hard drive, leaving other partitions unencrypted

Question 31

File Encryption

Answer 31

- Method used when data is at rest - Encrypting individual files

Question 32

Volume Encryption

Answer 32

- Method used when data is at rest - Encrypts a set of selected files or directories

Question 33

Database Encryption

Answer 33

- Method used when data is at rest - Encrypts data stored in a database

Question 34

Record Encryption

Answer 34

- Method used when data is at rest - Encrypts specific fields within a database record

Question 35

Data in transit/Data in motion

Answer 35

- Refers to data actively being moved from one to another, such as across the internet or over a private network

Question 36

Secure Sockets Layer (SSL) Transport Layer Security (TLS)

Answer 36

- Method used when data is in-transit - Cryptogrphic protocols designed to provide secure communication over a computer network

Question 37

Virtual Private Network (VPN)

Answer 37

- Method used when data is in-transit - Technology that creates a secure connection over a less secure network (internet)

Question 38

Internet Protocol Security (IPSec)

Answer 38

- Method used when data is in-transit - Protocol suite used to secure IP communications by authenticating and encrypting each IP packet in a data stream

Question 39

Data in use

Answer 39

- Refers to data in the process of being created, retrieved, updated, or deleted

Question 40

Regulated Data

Answer 40

- Information controlled by laws, regulations, or industry standards - Includes PII, health records, and credit card information

Question 41

Personal Identification Information (PII)

Answer 41

- Any information that can be used to identify an individual EXAMPLE: Names, social security numbers, and addresses

Question 42

Personal Health Information (PHI)

Answer 42

- Any information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual - This is protected by the Health Insurance Portability and Accountability Act (HIPAA)

Question 43

Trade Secrets

Answer 43

- Type of confidential business information that provides a company with a competitive edge - These are protected by law

Question 44

Intellectual Property (IP)

Answer 44

- Creations of the mind, such as inventions, literary and artistic works, designs, and symbols - Things like patents, laws, copyrights, and trademarks protect this

Question 45

Legal Information

Answer 45

- Includes any data related to legal proceedings, contracts, or regulatory compliance

Question 46

Financial Information

Answer 46

- Includes data related to an organization's financial transactions, such as sales records, invoices, tax documents, and bank statements

Question 47

Human Readable Data

Answer 47

- Information that c an be understood by humans without the need for a machine or software EXAMPLE: Spreadsheets

Question 48

Non-human Readable Data

Answer 48

- Information that requires a machine or software to interpret

Question 49

Data sovereignty is the principle that information is subject to __________

Answer 49

- The laws of the nation where it is collected or processed

Question 50

General Data Protection Regulation (GDPR)

Answer 50

- Governing body for data collection in European Union - Has stringent rules for data protection and grants individuals strong rights over their personal data

Question 51

Geographic Restrictions (Geofencing of data)

Answer 51

- Involves setting up virtual boundaries to restrict data access based on geographic location EXAMPLE: Can deny access to login from other countries

Question 52

Hashing

Answer 52

- Technique that converts data into a fixed size of numerical or alphanumeric characters, known as a hash value - Once data is hashed, it cannot be decrypted

Question 53

Masking

Answer 53

- Involves replacing some or all of the data in a field wit ha placeholder, such as "x", to conceal the original content - Once masked, cannot be reversed EXAMPLE: Phone number area code is only shown, rest is masked

Question 54

Tokenization

Answer 54

- Replaces sensitive data with non-sensitive substitutes, known as tokens - Original data stored in separate database

Question 55

Obfuscation

Answer 55

- Involves making data unclear or unintelligible, making it difficult for unauthorized users to understand... Basically a catch all phrase for encryption and other ways to protect data

Question 56

Segmentation

Answer 56

- Involves dividing a network into separate segments, each with its own security controls

Question 57

Permission restrictions

Answer 57

- Involve defining who has access to specific data and what they can do with it

Question 58

Data Loss Prevention (DLP)

Answer 58

- Set up to monitor the data of a system while it's in use, in transit, or at rest in order to detect any attempts to steal the data

Question 59

Endpoint DLP System

Answer 59

- A piece of software that's installed on a workstation or a laptop, and it's going to monitor the data that's in use on that computer

Question 60

Network DLP System

Answer 60

- Piece of software or hardware that's a solution placed at the perimeter of the network to detect data in transit

Question 61

Storage DLP

Answer 61

- Software installed on a server in the data center that inspects the data while it's at rest on the server

Question 62

Cloud-based DLP System

Answer 62

- Usually offered as a SAAS, and it's part of the cloud service and storage needs