3.3 Compare and contrast concepts and strategies to protect data. Flashcards
(39 cards)
- Data types
- Regulated
- Trade secret
- Intellectual property
- Legal information
- Financial information
- Human- and non-human-readable
Regulated Data
■ Controlled by laws, regulations, or industry standards
■ Compliance requirements
● General Data Protection Regulation (GDPR)
● Health Insurance Portability and Accountability Act (HIPAA)
PII (Personal Identification Information)
■ Information used to identify an individual (e.g., names, social security numbers, addresses)
■ Targeted by cybercriminals and protected by privacy laws
PHI (Protected Health Information)
■ Information about health status, healthcare provision, or payment linked to a specific individual
■ Protected under HIPAA
Trade Secrets
■ Confidential business information giving a competitive edge (e.g., manufacturing processes, marketing strategies, proprietary software)
■ Legally protected; unauthorized disclosure results in penalties
Intellectual Property (IP)
■ Creations of the mind (e.g., inventions, literary works, designs)
■ Protected by patents, copyrights, trademarks to encourage innovation
■ Unauthorized use can lead to legal action
Legal Information
■ Data related to legal proceedings, contracts, regulatory compliance
■ Requires high-level protection for client confidentiality and legal privilege
Financial Information
■ Data related to financial transactions (e.g., sales records, tax documents, bank statements)
■ Targeted by cybercriminals for fraud and identity theft
■ Subject to PCI DSS (Payment Card Industry Data Security Standard)
Human-Readable Data
■ Understandable directly by humans (e.g., text documents, spreadsheets)
Non-Human-Readable Data
■ Requires machine or software to interpret (e.g., binary code, machine language)
■ Contains sensitive information and requires protection
Data classifications
- Sensitive
- Confidential
- Public
- Restricted
- Private
- Critical
Restricted Data
Highly confidential business or personal information, often subject to statutory, regulatory, or contractual requirements
Sensitive Data
Information that, if accessed by unauthorized persons, can result in the loss of security or competitive advantage for a company
Importance of Data Classification
■ Helps allocate appropriate protection resources
■ Prevents over-classification to avoid excessive costs
■ Requires proper policies to identify and classify data accurately
Public
● No impact if released; often publicly accessible data
Private
● Contains internal personnel or salary information
Confidential
● Holds trade secrets, intellectual property, source code, etc.
Critical
● Extremely valuable and restricted information
Commercial Business Data Classification Levels
Public: Often publicly accessible data
Sensitive: Minimal impact if released, e.g., financial data
Private: Contains internal personnel or salary information
Confidential: Holds trade secrets, intellectual property, source code, etc.
Critical: Extremely valuable and restricted information
Government Classification Levels
■ Unclassified
● Generally releasable to the public
■ Sensitive but Unclassified
● Includes medical records, personnel files, etc.
■ Confidential
● Contains information that could affect the government
■ Secret
● Holds data like military deployment plans, defensive postures
■ Top Secret
● Highest level, includes highly sensitive national security information
General data considerations
- Data states
o Data at rest
o Data in transit
o Data in use
- Data sovereignty
- Geolocation
Data Sovereignty
■ Information subject to the laws and governance structures of the nation in which it is collected
Data at Rest
■ Data stored in databases, file systems, or storage systems, not actively moving
Data in Transit (Data in Motion)
■ Data actively moving from one location to another, vulnerable to interception