What is Information Classification?
The process by which organizations assess the information they hold and the level of protection it should be given based on the information’s risk to loss or harm from disclosure.
What is Information Categorization?
Labelling information based on its type such as a specific category or other label defined by an organization.
What is Security Category?
Categorization of information or information system based on potential impact of loss of confidentiality, integrity, and availability.
What are the necessary steps to categorize information?
- Identify all information types of data (input, stored, processed, output)
- use defined criteria to assign levels of impact, assign system security category
Which resources are available for classification and categorization?
- NIST SP 800-53 (to develop information classification and categorization systems)
- NIST SP 800-60 (to map security categories)
- ISO/IEC 27001 (Information security management)
What is the most common option to protect data in transit?
Using encryption and keys
What is an encryption key?
A piece of information in a digitized form used by an encryption algorithm to convert plaintext to cyphertext.
What are the key characteristics of a symmetric key algorithm?
- Encryption using “shared secret” key
- Used to encrypt and decrypt
- Only addresses confidentiality
What are the key characteristics of an asymmetric key algorithm?
- Encrypt using two keys: a public key shared with all users and a private key kept secret to user
- Keys used in tandem to encrypt/decrypt
What are the key characteristics of a hash function?
- unique value derived from message
- message digest validates the message is not modified
What is the key characteristics of Public Key Infrastructure?
- Infrastructure that enables users to exchange data securely in public spaces using private cryptographic key pair from trusted authority
What is SSL?
Secure Socket Layers: a cryptographic protocol designed to provide authentication and data encryption.
What is TLS?
Transport Layer Security: it replaces SSL. It provides communication privacy over the internet.
What are the characteristics of Secure/Multipurpose Internet Mail Extensions (S/MIME)?
- Electronic messaging application security
- Authentication
- Message integrity
- Non-repudiation of origin
- Privacy
- Data security
What are the five types of certificates for digital signatures and identification?
1) Client SSL certificate
2) Server SSL certificate
3) S/MIME certificate
4) Object-signing certificate
5) Certificate Authority (CA) certificate
What are other additional options to provide the security of digital signatures and identification?
- Public key infrastructure (PKI)
- Certificate chain
- Digital signatures
- Non-repudiation
