MindMap Gallery CISSP study notes-5 (protecting asset security)
Chapter 5 of the CISSP textbook (Protecting Asset Security): study notes and key exercises. Through this mind map summary, learners can better understand, remember and apply the material and improve learning efficiency and quality.
Edited at 2024-02-16 11:39:13
CISSP study notes-5 (protecting asset security)
Keep assets safe
Identify and classify information and assets
Define sensitive data
Personally Identifiable Information PII
Protected health information PHI
Proprietary data
Define data classification
Top Secret: exceptionally grave damage
Secret: serious damage
Confidential: damage
Unclassified
For Official Use Only (FOUO)
Sensitive But Unclassified (SBU)
Define asset classes
Asset classification matches the data classification: an asset that stores data of a given level, such as a computer, is classified at that same level.
Understand data status
Data at rest
Also called data in storage: data stored on storage media.
Data in transit
Also called data in motion: data transmitted over a network.
Data in use
Data held in memory or temporary buffers used by applications
Data in these three states must be protected
Determine compliance requirements
Determine the law to use
Identify data security controls
Establish processing requirements for information and assets
Data maintenance
Methods
Classified network
One-way bridge
Technical protection
Regularly review the data policy
Data Loss Prevention (DLP)
DLP types
Network-based DLP
Cloud-based DLP is a subcategory
Endpoint-based DLP
Tag sensitive data and assets
Classification
physical tag
Electronic tags
Handle sensitive data and assets
Media storing sensitive data receives the same level of protection as the data itself
Media is also labeled
Data collection limitation
If the data is not needed, do not collect or store it
data location
backup
Store sensitive data
Data destruction
Eliminate data residue
Erasing does not completely eliminate data
Common data destruction methods
Erasing
Clearing
Purging
Degaussing
Destruction
Cryptographic erasure
For cloud storage, destroying the encryption key (crypto erasure) is the only secure method
Ensure appropriate data and asset retention periods
EOL: end of life (the vendor stops selling the product)
EOS: end of support
EOSL: end of service life
Data protection methods
Digital Rights Management DRM
DRM license
Persistent online authentication
Periodically authenticates server connections
Continuous audit trail
Detect abuse, such as use of a product across multiple geographies
Automatically expire
Cloud Access Security Broker CASB
Authentication and authorization control
Access to the cloud passes through the CASB
Detects shadow IT
Can be deployed on-premises or in the cloud
Pseudonymization
Tokenization
A credit card processor replaces credit card data with a token
Anonymization
After randomized masking, the data cannot be recovered
Understand data roles
Data owner
Responsible for data classification, labeling and protection
Asset owner
Also called system owner
Usually the same person as the data owner
Responsible for the system that processes the data
Business/mission owner
Data processor and data controller
Controller: controls the data; typically the data owner
Processor: processes data as authorized by the controller
Data custodian
Administrator
Users and subjects
User: the person who accesses the data
Subject: a person who can be identified by an identifier
Use security baselines
A list of controls that the organization can use as a baseline
Comparing tailoring and scoping
Standards selection
Exam points
Understand the importance of data and asset classification. The data owner is responsible for maintaining data and asset classifications and ensuring that data and assets are properly labeled. In addition, data owners define protection requirements for different categories of data, such as encryption of sensitive data at rest and in transit. Data classification is usually defined in a security policy or data policy.
PII and PHI Definitions. Personally identifiable information (PII) is any information that can identify an individual. Protected health information (PHI) is any health-related information about a specific person. Many laws and regulations require the protection of PII and PHI.
Learn how to manage sensitive information. Sensitive information can be any type of classified information, and proper management helps prevent unauthorized disclosure resulting in a breach of confidentiality. Proper management includes the identification, handling, storage and destruction of sensitive information. Two areas that organizations often miss are adequately protecting the backup media holding sensitive information and sanitizing the media or device at the end of its life cycle.
Describe the three states of data. The three states of data are at rest, in transit and in use. Data at rest is any data stored on a medium such as the system's hard drive or external media. Data in transit is any data transmitted over the network. Encryption methods protect data at rest and in transit. Data in use refers to data in memory or temporary storage buffers used by the application. Applications should flush memory buffers to remove data when the data is no longer needed.
Define DLP. Data loss prevention (DLP) systems detect and block attempts to cause data breaches by scanning unencrypted data for critical data patterns. Network-based DLP systems, including cloud-based DLP systems, scan files before they leave the network. Endpoint-based DLP systems prevent users from copying or printing certain files.
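The pattern scan the paragraph above describes, as an added example that is not part of the original notes or the textbook: a small network-DLP style scanner that checks unencrypted text for credit card and SSN layouts, validates card candidates with the Luhn checksum so that look-alike digit runs are not flagged, masks what it reports, and returns a block/allow decision. The sample lines and all numbers in them are constructed.

```python
import re

# Constructed sample lines, standing in for what a network DLP sensor would see
# in outbound mail or file transfers. None of these values are real.
SAMPLE_LINES = [
    "Q3 revenue forecast attached, see slide 4.",
    "Customer card on file: 4111 1111 1111 1111 exp 09/27",  # passes Luhn
    "Order ref 1234-5678-9012-3456 shipped yesterday",        # 16 digits, fails Luhn
    "Employee SSN 123-45-6789 needed for payroll",
    "Pay to account ending 9876",
]

# 16 digits with optional single spaces or hyphens between them, and a US SSN layout.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum: separates real card numbers from look-alike digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits so the finding itself is not a second leak."""
    digits = "".join(c for c in value if c.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(lines):
    """Return one finding per sensitive pattern, with the matched value masked."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in CARD_RE.finditer(line):
            if luhn_ok(m.group()):
                findings.append({"line": n, "type": "credit_card", "value": mask(m.group())})
        for m in SSN_RE.finditer(line):
            findings.append({"line": n, "type": "ssn", "value": mask(m.group())})
    return findings


def decision(findings) -> str:
    """Block the transfer if any validated pattern was found, else allow it."""
    return "block" if findings else "allow"


if __name__ == "__main__":
    found = scan(SAMPLE_LINES)
    for f in found:
        print(f"line {f['line']}: {f['type']} {f['value']}")
    print("decision:", decision(found))
```

Line 3 of the sample is the point of the Luhn step: it has the shape of a card number but is not one, and a scanner that blocks on shape alone generates the false positives that make users route around DLP.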
Compare data destruction methods. Erasing a file does not remove its data. Clearing media means overwriting it with characters or bits. Purging repeats the clearing process multiple times and removes data so that the media can be reused. Degaussing can remove data from tapes and magnetic hard drives, but it does not affect optical CDs, DVDs, or SSDs. Destruction methods include incineration, crushing, shredding and dissolution.
Describe data remanence. Data remanence is data that should have been deleted but remains on the media. Hard drives sometimes retain residual magnetic flux that can be read by advanced tools. Advanced tools can also read slack space, the unused space at the end of a disk cluster. Data remanence remains after data is merely erased from a disk.
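To make the difference between erasing, clearing, purging and degaussing concrete, here is an added simulation that is not from the notes or the textbook. It models a medium as a flat byte array plus a directory table: "erase" only drops the directory entry, a recovery tool reads the raw bytes regardless, a later short file leaves the old tail in slack space, and only overwriting removes it. Degaussing is modelled as effective on magnetic media only. The file contents are constructed.

```python
import os


class FakeDisk:
    """Toy block device used to show why erasing is not sanitizing.

    The directory maps file name -> (offset, length); the bytearray is the raw
    medium that a forensic tool reads directly, ignoring the directory.
    """

    def __init__(self, size: int = 256, magnetic: bool = False):
        self.blocks = bytearray(size)
        self.directory = {}
        self.magnetic = magnetic

    def _allocated(self) -> bytearray:
        mask = bytearray(len(self.blocks))
        for off, ln in self.directory.values():
            mask[off:off + ln] = b"\x01" * ln
        return mask

    def _first_fit(self, length: int) -> int:
        cursor = 0
        for off, ln in sorted(self.directory.values()):
            if off - cursor >= length:
                return cursor
            cursor = off + ln
        if len(self.blocks) - cursor >= length:
            return cursor
        raise OSError("disk full")

    def write_file(self, name: str, data: bytes) -> None:
        off = self._first_fit(len(data))
        self.blocks[off:off + len(data)] = data
        self.directory[name] = (off, len(data))

    def erase(self, name: str) -> None:
        """Like an OS delete: only the directory entry goes; the bytes stay (remanence)."""
        del self.directory[name]

    def _overwrite_free(self, fill) -> None:
        alloc = self._allocated()
        for i in range(len(self.blocks)):
            if not alloc[i]:
                self.blocks[i] = fill(i)

    def clear(self) -> None:
        """Clearing: one overwrite pass of all unallocated space with a fixed pattern."""
        self._overwrite_free(lambda i: 0)

    def purge(self, passes: int = 3) -> None:
        """Purging: repeated random overwrites of free space, then a final clear."""
        for _ in range(passes):
            noise = os.urandom(len(self.blocks))
            self._overwrite_free(lambda i: noise[i])
        self.clear()

    def degauss(self) -> bool:
        """Degaussing wipes magnetic media entirely; it does nothing for SSDs or optical discs."""
        if not self.magnetic:
            return False
        self.blocks[:] = bytes(len(self.blocks))
        self.directory.clear()
        return True

    def forensic_read(self, needle: bytes) -> bool:
        """Raw read of the medium, the way a recovery tool sees it."""
        return needle in bytes(self.blocks)


def demo():
    ssd = FakeDisk()
    ssd.write_file("payroll.txt", b"SSN 123-45-6789 salary 90000")
    ssd.erase("payroll.txt")
    after_erase = ssd.forensic_read(b"123-45-6789")      # True: erased, not gone
    ssd.write_file("note.txt", b"hello")                 # reuses offset 0, short file
    in_slack = ssd.forensic_read(b"salary 90000")        # True: slack space keeps the tail
    ssd.clear()
    after_clear = ssd.forensic_read(b"salary 90000")     # False: overwritten
    return after_erase, in_slack, after_clear, ssd.degauss()


if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` is `False` because the simulated device is an SSD: degaussing reports no effect, which is the point behind exercise 11 below.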
Understand record retention policies. Records retention policies ensure that data remains available when it is needed and is destroyed when it is no longer needed. Many laws and regulations require organizations to retain data for a specific period of time, but in the absence of formal regulations, organizations determine retention periods based on policy. Audit trail data needs to be retained long enough to reconstruct past events, but organizations must determine how far back they want to investigate. A current trend among many organizations is to reduce legal liability by implementing short-term email retention policies.
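An added example, not from the notes or the textbook, of the retention review the paragraph describes: a schedule of retention periods, an inventory that lists every copy of a record (primary storage and backup media separately), a legal-hold override, and a report of the copies that should already have been destroyed. The schedule, record ids and dates are constructed; a real schedule comes from the laws and policy that apply to the organization.

```python
from datetime import date, timedelta

# Constructed retention schedule in days. A real schedule is derived from the laws
# that apply to the organization and from its own policy.
RETENTION_DAYS = {"email": 180, "audit_log": 365, "payroll": 7 * 365}

# Constructed inventory: the same record id appears once per copy, because a backup
# tape that outlives the primary copy is still a retention failure.
INVENTORY = [
    {"id": "m1", "type": "email", "created": date(2021, 1, 10), "location": "mail-server"},
    {"id": "m1", "type": "email", "created": date(2021, 1, 10), "location": "offsite-tape"},
    {"id": "a7", "type": "audit_log", "created": date(2023, 9, 1), "location": "siem"},
    {"id": "p3", "type": "payroll", "created": date(2020, 3, 1), "location": "hr-db"},
]


def retention_action(item, today: date, legal_hold=frozenset()) -> str:
    """Retain while inside the schedule or under legal hold; otherwise destroy."""
    if item["id"] in legal_hold:
        return "retain (legal hold)"
    expires = item["created"] + timedelta(days=RETENTION_DAYS[item["type"]])
    return "destroy" if today > expires else "retain"


def review(inventory, today: date, legal_hold=frozenset()):
    """Decide per copy, so backup media are checked alongside primary storage."""
    return {(i["id"], i["location"]): retention_action(i, today, legal_hold)
            for i in inventory}


def overdue_copies(inventory, today: date, legal_hold=frozenset()):
    """Locations still holding copies that should already have been destroyed."""
    return sorted(loc for (_, loc), act in review(inventory, today, legal_hold).items()
                  if act == "destroy")


if __name__ == "__main__":
    for key, act in review(INVENTORY, date(2024, 2, 16)).items():
        print(key, act)
```

Keying the inventory by copy rather than by record is what surfaces the off-site tape in exercise 9: the mail server was purged on schedule, but the backup copy never was.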
Learn the difference between EOL and EOS. End of Life (EOL) is the date when a supplier announces it will stop selling a product. However, the vendor continues to support the product after EOL. End of Support (EOS) represents the date when a vendor no longer supports a product.
Explain DRM. Digital rights management (DRM) methods provide copyright protection for copyrighted works. Its purpose is to protect against unauthorized use, modification and distribution of copyrighted works.
Explain CASB. The Cloud Access Security Broker (CASB) conceptually sits between users and cloud resources. It applies internal security controls to cloud resources. CASB components can be deployed on-premises or in the cloud.
Define pseudonymization. Pseudonymization is the process of replacing certain data elements with pseudonyms or aliases. It removes private data so that the dataset can be shared with relevant parties. However, the original data is still available in a separate dataset.
Define tokenization. Tokenization replaces data elements with strings or tokens. The credit card processor replaces the credit card data with the token, and a third party holds the mapping to the original data and token.
Define anonymization. Anonymization replaces private data with useful but inaccurate data. Data sets can be shared and used for analytical purposes, but anonymization removes personal identities. Anonymization is permanent.
Understand the responsibilities of the data role. The data owner is responsible for classifying, labeling and protecting the data. The system owner is responsible for the system that handles the data. The business/mission owner owns the process and ensures the system delivers value to the organization. The data controller decides which data is to be processed and how it is processed. Data processors are generally third-party entities that process data for an organization under the direction of a data controller. Administrators grant access to data based on guidelines provided by the data owner. Users or subjects access data while performing tasks. Data custodians have day-to-day responsibilities for protecting and storing data.
Understand the security control baseline. A security control baseline provides a list of controls that an organization can use as a starting point. Not all baselines are suitable for all organizations. However, organizations can apply scoping and tailoring techniques to adapt the baseline to their own needs.
Important exercises
1. Which of the following provides the best protection for the confidentiality of sensitive data? A. Data labels B. Data classification C. Data handling D. Data degaussing methods
Correct answer: B
2. Administrators regularly back up data on all servers in the organization. They label each backup copy with the server it came from and the date it was created, and transfer it to an unstaffed storage warehouse. Later, they discover that someone has leaked sensitive emails between executives on the Internet. Security personnel find that some backup tapes are missing and may have contained the leaked emails. Which of the following would prevent this loss without sacrificing security? A. Label media leaving the local site. B. Do not store data off-site. C. Destroy off-site backups. D. Use a secure off-site storage facility.
Correct answer: D
3. Administrators have been using tapes to back up servers in their organization. The organization is switching to a different backup system that stores backups on disk drives. What is the final stage of the life cycle of the tapes used as backup media? A. Degaussing B. Destruction C. Declassification D. Retention
Correct answer: B
4. You are updating your organization's data policy and want to identify the responsibilities of various roles. Which of the following data roles is responsible for classifying data? A. Controller B. Custodian C. Owner D. User
Correct answer: C. The data owner classifies data; the controller decides which data to process and directs the data processor to process it; the custodian performs day-to-day operations to maintain the data; the user only accesses the data.
5. Your task is to update the organization's data policy, which requires identifying the responsibilities of different roles. Which data role is responsible for implementing the protections defined by the security policy? A. Data custodian B. Data user C. Data processor D. Data controller
Correct answer: A. Custodians (typically administrators) are responsible for implementing the security policy and protection tasks defined by senior management.
6. A company maintains an e-commerce server for selling digital products on the Internet. When a customer makes a purchase, the server stores the following information about the buyer: name, physical address, email address, and credit card data. You are hired as an outside consultant to advise them on changes to their practices. Which of the following could the company implement to avoid an apparent vulnerability? A. Anonymization B. Pseudonymization C. Change the company address D. Collection limitation
Correct answer: D. Anonymization would delete all personal data and make it impossible to reuse. Pseudonymization can be reversed, but it is not necessary here. Minimizing collection is the best approach.
7. During your annual review of your company's data policy, you come across some confusing statements about security labels. Which of the following could you insert to accurately describe security labels? A. Only digital media require security labels. B. Security labels identify the classification of data. C. Only hardware assets require security labels. D. Security labels are never used for non-sensitive data.
Correct answer: B
8. A database file contains personally identifiable information (PII) for multiple people, including Karen C. Park. Which of the following is the best identifier for the Karen C. Park record? A. Data controller B. Data owner C. Data processor D. Data subject
Correct answer: D
9. Administrators regularly back up all email servers within the company and regularly purge local emails older than six months to comply with the organization's security policy. They keep a backup copy at the local site and send another copy to one of the company's warehouses for long-term storage. Later, they discover that someone has leaked sensitive emails sent between executives three years ago. Which of the following policies was ignored and resulted in this data breach? A. Media destruction B. Record retention C. Configuration management D. Version control
Correct answer: B
10. An executive is reviewing governance and compliance issues and ensuring that the security and data policies address them. Which of the following security controls is most likely driven by legal requirements? A. Data remanence B. Record destruction C. Data user role D. Data retention
Correct answer: D
11. Your organization is donating several computers to local schools. Some of these computers contain solid state drives (SSDs). Which of the following is the most reliable way to destroy data on these SSDs? A. Erasing B. Degaussing C. Deleting D. Purging
Correct answer: D
15. Your organization's security policy requires symmetric encryption for sensitive data stored on servers. What kind of guideline is this implementing? A. Protect data at rest B. Protect data in transit C. Protect data in use D. Protect the data life cycle
Correct answer: A
16. An administrator plans to deploy a database server and wants to ensure its security. He reviews a baseline list of security controls and identifies the controls that apply to the database server. What is this process called? A. Tokenization B. Scoping C. Standards selection D. Imaging
Correct answer: B
17. An organization is planning to deploy an e-commerce website hosted on a web farm. IT administrators have identified a list of security controls that they believe will provide the best protection for the project. Management is now reviewing the list and removing any security controls that are inconsistent with the organization's mission. What is this process called? A. Tailoring B. Sanitization C. Asset classification D. Minimization
Correct answer: A
18. An organization is planning to use a cloud provider to store some data. Management wants to ensure that all data-based security policies implemented within the organization's internal network can also be enforced in the cloud. Which of the following would support this goal? A. CASB B. DLP C. DRM D. EOL
Correct answer: A
19. Management is concerned that users may inadvertently transmit sensitive data outside the organization. They want to implement a method to detect and prevent this from happening. Which of the following can detect outgoing sensitive data based on specific data patterns and is the best option to meet these requirements? A. Anti-malware software B. Data loss prevention system C. Security information and event management system D. Intrusion prevention system
Correct answer: B. A DLP system meets these requirements.
20. A software developer creates an application and wants to protect it using DRM technology. Which of the following options are available? (Choose three.) A. Virtual licensing B. Persistent online authentication C. Automatic expiration D. Continuous audit trail
Correct answer: BCD