Data Protection

Question 1

Data classification

Answer 1

Based on the value to the organization and the sensitivity of the information,
determined by the data owner

Question 2

Commercial Business Classification Levels

Answer 2

1. Public
2. Sensitive
3. Private
4. Confidential
5. Critical

Question 3

Government Classification Levels

Answer 3

1. Unclassified
2. Sensitive but Unclassified
3. Confidential
4. Secret
5. Top Secret

Question 4

Data Owner

Answer 4

A senior executive responsible for labeling information assets and ensuring they
are protected with appropriate controls

Question 5

Data Processor

Answer 5

A group or individual hired by the data controller to assist with tasks like data
collection and processing

Question 6

Data Controller

Answer 6

Entity responsible for determining data storage, collection, and usage purposes
and methods, as well as ensuring the legality of these processes

Question 7

Data Steward

Answer 7

Focuses on data quality and metadata, ensuring data is appropriately labeled and
classified, often working under the data owner

Question 8

Data Custodian

Answer 8

Responsible for managing the systems on which data assets are stored, including
enforcing access controls, encryption, and backup measures

Question 9

Privacy Officer

Answer 9

Oversees privacy-related data, such as personally identifiable information (PII),
sensitive personal information (SPI), or protected health information (PHI),
ensuring compliance with legal and regulatory frameworks

Question 10

PII

Answer 10

Personally Identifiable Information

Question 11

SPI

Answer 11

Sensitive Personal Information

Question 12

PHI

Answer 12

Personal Health Information

Question 13

Data Ownership Responsibility

Answer 13

The IT department (CIO or IT personnel) should not be the data owner; data
owners should be individuals from the business side who understand the data’s
content and can make informed decisions about classification

Question 14

Data at Rest

Answer 14

Data stored in databases, file systems, or storage systems, not actively moving

Question 15

Encryption Methods for data at rest

Answer 15

1. Full Disk Encryption (FDE)
2. Partition Encryption
3. File Encryption
4. Volume Encryption
5. Database Encryption
6. Record Encryption

Question 16

Data in Transit

Answer 16

Data actively moving from one location to another, vulnerable to interception

Question 17

Transport Encryption Methods

Answer 17

1. SSL and TLS
2. VPN
3. IPSec

Question 18

SSL

Answer 18

Secure Sockets Layer

Secure communication over network, widely used in web browsing and email

Question 19

TLS

Answer 19

Transport Layer Security

Supersedes SSL

Question 20

VPN

Answer 20

Virtual Private Network

Creates secure connections (tunnels) over less secure networks like the internet

Question 21

IPSec

Answer 21

Internet Protocol Security

Secures IP communications by authenticating and encrypting IP packets

Question 22

Data in Use

Answer 22

Data actively being created, retrieved, updated, or deleted

Question 23

Data in Use protection methods

Answer 23

1. Encryption at application level
2. Access Controls
3. Secure Enclaves
4. Memory Encryption

Question 24

Secure Enclave

Answer 24

Isolated environment for processing sensitive data

Question 25

Regulated data

Answer 25

Data that is controlled by laws, regulations, or industry standards. Subject to compliance requirements (GDPR, HIPAA etc.)

Question 26

GDPR

Answer 26

General Data Protection Regulation - Protects EU citizens' data within EU and EEA borders - Compliance required regardless of data location - Non-compliance leads to significant fines

Question 27

HIPAA

Answer 27

Health Insurance Portability and Accountability Act

Question 28

PCI DSS

Answer 28

Payment Card Industry Data Security Standard

Question 29

Data Sovereignty

Answer 29

Digital information subject to laws of the country where it's located Gained importance with cloud computing's global data storage

Question 30

Geographic Restrictions

Answer 30

aka Geofencing - Virtual boundaries to restrict data access based on location - Compliance with data sovereignty laws - Prevent unauthorized access from high-risk locations

Question 31

Encryption

Answer 31

- Transform plaintext into ciphertext using algorithms and keys - Protects data at rest and in transit - Requires decryption key for data recovery

Question 32

Hashing

Answer 32

- Converts data into fixed-size hash values - Irreversible one-way function - Commonly used for password storage

Question 33

Masking

Answer 33

- Replace some or all data with placeholders (e.g., "x") - Partially retains metadata for analysis - Irreversible de-identification method

Question 34

Tokenization

Answer 34

- Replace sensitive data with non-sensitive tokens - Original data stored securely in a separate database - Often used in payment processing for credit card protection

Question 35

Obfuscation

Answer 35

- Make data unclear or unintelligible - Various techniques, including encryption, masking, and pseudonyms - Hinder unauthorized understanding

Question 36

Segmentation

Answer 36

- Divide network into separate segments with unique security controls - Prevent lateral movement in case of a breach - Limits potential damage

Question 37

Permission Restrictions

Answer 37

- Define data access and actions through ACLs or RBAC - Restrict access to authorized users - Reduce risk of internal data breaches

Question 38

DLP

Answer 38

Data Loss Prevention