Data Protection Flashcards
(24 cards)
What is Data Protection?
Safeguarding information from corruption, compromise, or loss.
List the types of Data Classifications.
- Sensitive
- Confidential
- Public
- Restricted
- Private
- Critical
Who are the Data Owners?
Individuals responsible for maintaining confidentiality, integrity, availability, and privacy of information assets.
What are the states of Data?
- Data at rest
- Data in transit
- Data in use
What is Data Sovereignty?
Information subject to laws and governance structures within the nation it is collected.
Name two methods of securing data.
- Geographic Restrictions
- Encryption
What is Data Loss Prevention (DLP)?
Strategy to prevent sensitive information from leaving an organization.
What is the importance of Data Classification?
- Helps allocate appropriate protection resources
- Prevents over-classification to avoid excessive costs
- Requires proper policies to identify and classify data accurately
Define Sensitive Data.
Information that, if accessed by unauthorized persons, can result in the loss of security or competitive advantage for a company.
What are the Government Classification Levels?
- Unclassified
- Sensitive but Unclassified
- Confidential
- Secret
- Top Secret
What is the role of a Data Steward?
Focuses on data quality and metadata, ensuring data is appropriately labeled and classified.
Fill in the blank: Data at rest refers to data that is ______.
stored in databases, file systems, or storage systems, not actively moving.
What encryption methods are used for Data at Rest?
- Full Disk Encryption (FDE)
- Partition Encryption
- File Encryption
- Volume Encryption
- Database Encryption
- Record Encryption
What are Transport Encryption Methods for Data in Transit?
- SSL (Secure Sockets Layer)
- TLS (Transport Layer Security)
- VPN (Virtual Private Network)
- IPSec (Internet Protocol Security)
What is meant by Data in Use?
Data actively being created, retrieved, updated, or deleted.
Define Regulated Data.
Controlled by laws, regulations, or industry standards.
What is Personal Identification Information (PII)?
Information used to identify an individual, such as names and social security numbers.
What is the purpose of Tokenization?
Replace sensitive data with non-sensitive tokens, while storing original data securely.
True or False: Data Sovereignty laws require data storage and processing within national borders.
True.
What are the types of Data Loss Prevention (DLP) Systems?
- Endpoint DLP System
- Network DLP System
- Storage DLP System
- Cloud-Based DLP System
What is the role of a Privacy Officer?
Oversees privacy-related data, ensuring compliance with legal and regulatory frameworks.
What does Encryption do?
Transforms plaintext into ciphertext using algorithms and keys.
What is Masking in data security?
Replace some or all data with placeholders, partially retaining metadata for analysis.
What does Segmentation accomplish in network security?
Divides network into separate segments with unique security controls to prevent lateral movement.
