Chapter 5.8 Flashcards
PHI
Protected Health Information (PHI) refers to medical and insurance records, plus associated hospital and laboratory test results. PHI is associated with a specific person or used as anonymized or de-identified data.
PII
Personally Identifiable Information (PII) is data that can be used to identify, contact, or locate an individual. A Social Security Number (SSN) is a good example of PII.
Confidential
Confidential (or low) information is highly sensitive, and intended for viewing only by approved persons within the organization (and possibly by trusted third parties under NDA). Confidential is a category defined by a military classification scheme.
Proprietary
Proprietary information or intellectual property (IP) is information created by a company, typically about the products or services that they make or perform.
Archives
Archives refer to sets of data. Since data retention is high-priority, an archive plan should be established and/or reviewed to ensure data sets are held for the appropriate length of time.
System Images
System images are copies of entire computer systems. These images are helpful during investigations as backup copies. A system image is a backup technique and does not address retention needs.
Secret
Secret (or medium) information is too valuable to permit any risk of capture. Viewing is severely restricted to authorized individuals only.
Classified
Classification restricts who may see a document’s contents. Classified (private, restricted, internal use only, official use only) material restricts viewing to the owner organization or third parties under a Non-Disclosure Agreement (NDA).
Unclassified
Unclassified (public) information is available to anyone, and holds no viewing restrictions.
Data owner
A data owner has the ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset. The owner is also responsible for labeling the asset (such as determining who should have access and determining the asset’s criticality and sensitivity).
Data steward
A data steward role is primarily responsible for data quality. This involves tasks such as ensuring data is labeled and identified with appropriate metadata, and that data is collected and stored in a format that complies with regulations.
Data custodian
A data custodian is responsible for managing the system where the data assets are stored. This includes responsibility for enforcing access control and encryption, along with backup and recovery measures.
System administrator
A system administrator is responsible for ensuring the upkeep of the technical systems that provide functionality for the business.
Wiping
Wiping the media involves erasing it. There are many methods and utilities available to perform such actions, such as a low-level format. This method may be time-consuming, but it is cost-effective and requires very little interaction.
Burning
Burning media involves using fire to destroy contents. Burning releases toxins that can be dangerous, and it should only be performed in a controlled environment.