Data Protection Flashcards
Sensitive Data
Any information that can result in a loss of security or a loss of advantage to a company if accessed by an unauthorized person.
Public Data
Has no impact on the company if released and is often posted in an open-source environment
Private Data
Contains data that should only be used within the organization
Confidential Data
Contains items such as trade secrets, intellectual property data, and source code that affect the business if disclosed.
Critical
Contains valuable information
What are the government classifications?
Unclassified
Sensitive but Unclassified
Confidential (serious effect)
Secret (Serious Damage)
Top Secret
Data Owner
Senior executive role that has the responsibility for maintaining the CIA of the asset.
Data Controller
Entity that holds responsibility for deciding the purposes and methods of data storage, collection, and usage, and for guaranteeing the legality of processes.
Data Processor
A group of individuals hired by the data controller to help with tasks like collecting, storing, or analyzing data.
Data Steward
Focused on the quality of the data and the associated metadata
Data Custodian
Responsible for handling the management of the system on which the data assets are stored
Privacy Officer
Role that is responsible for the oversight of any kind of privacy-related data like PHI, PII, or SPI
How to Protect Data at Rest
Full disk encryption (FDE)
Partition Encryption
File Encryption
Volume encryption
Database encryption
Record encryption
How to Protect Data in Motion
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Virtual Private Network (VPN)
Internet Protocol Security (IPSec)
Data Sovereignty
Refers to the concept that digital information is subject to the laws of the country in which it is located.
The principle is that information is subject to the nation’s laws where it is collected or processed.