Flashcards in Domain 2: Asset Security Deck (28):
any info that isn't public or unclassified
Personally Identifiable Information - any info that can be used to distinguish or trace an individual's identity
Protected Health Information - any health info that can be related to a specific person
any data that helps an org maintain a competitive edge
Data Loss Prevention Server, emails pass through, detects labels on data or applies necessary security measures
Data at Rest
data stored on media
Data in Transit
data in motion, data transmitted over a network
Data in use
data in temporary storage buffers while an application is using it
secure transportation of media through its lifetime
The data that remains on a hard drive as a residual magnetic flux
How to remove data remanence
degausser for magnetic media, not SSDs. Use destruction to a size of 2 mm
deleting files; the data remains on the drive until space runs out
prepare media for reuse and assure the cleared data cannot be recovered
more intense form of clearing, repeat clearing or combine with another process
any process that purges media or a system in preparation for reuse in an unclassified environment
combination of processes that removes data from a system or from media, ensuring it cannot be recovered by any means
create a strong magnetic field that erases data on magnetic media
Which protocol do most HTTPS transmissions use?
TLS - Transport Layer Security
What was the predecessor to TLS?
SSL - Secure Sockets Layer, but it is susceptible to the POODLE attack
What does a VPN use?
IPsec combined with L2TP
Which protocols would be used to protect data in transit on internal networks?
IPsec and SSH (Secure Shell)
What are secure protocols used to transfer encrypted files over a network?
SCP (Secure Copy) and SFTP (Secure File Transfer Protocol)
This person has the ultimate org responsibility for the data
data owner - typically CEO
This person owns the system that processes sensitive data
This person is usually the PM
a natural or legal person which processes personal data solely on behalf of the data controller
This person is responsible for granting appropriate access to personnel