3.3 Data Types and Classifications

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/8

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

9 Terms

1
New cards

Data Types

One of the most important assets that an organization owns is their data.

  • But not all data is the same

2
New cards

Regulated Data

This means that a third party sets the rules on how that data should be protected.

  • You also need to be concerned about government laws and regulations, which may dictate how data can be stored and for how long.

    • For example, if your organization stores credit card information, that credit card data is stored in a way that complies with the Payment Card Industry Standards.

3
New cards

Trade secrets

Every organization has their own set of secrets and processes that are known only to the organization.

  • Many organizations would love to get their hands on these secrets, so it’s important that we have the proper security for this type of data.

4
New cards

Intellectual Property

A type of data that often other people are able to see.

  • But we protect that data in different ways.

  • Very common to protect intellectual property using copyrights and trademark law.

5
New cards

Legal Information

Has its own challenges with being able to provide information that should be public but protect information that needs to be private.

  • In many parts of the world, legal records are public information. You can view the court records, the judge and attorney information, and other details.

  • But of course, aspects of those legal proceedings may contain private information.

    • So anything that could be considered personally identifiable information and other sensitive details may be stored in a different format.

  • And in many cases, all of this data is stored in different systems

    • Some that are specific to the court itself and others that might be available to the public.

6
New cards

Financial Information

Certainly, the internal, financial details for a company should be kept private.

  • Internal company financial details

  • Customer financials

  • Payment records

  • Credit card data, bank records, etc.

But of course, your own financial details, bank account information, and other payments that you’re making are also a type of sensitive data that should not be shared with others.

7
New cards

Human/non-human Readable Data Types

Some data types are very easy for a human to understand.

  • We can read through a document or look at a spreadsheet, and it’s very obvious what we’re looking at on the screen.

But other data types may be non-human readable.

  • Encoded data

  • Barcodes

  • Images

Some formats are a hybrid

  • We might have a barcode, which obviously is difficult to interpret for a human. But we might include the numbers at the bottom of the barcode so that humans can read this along with the computers.

8
New cards

Classifying Sensitive Data

As you can already tell, different types of data may have different levels of sensitivity, and we might want to classify them in different ways.

  • For example, in many states, license tag numbers can be easily referenced, and you can find out information about the owner of that license tag.

  • But information about your medical history should never be accessible to others.

    • And so we might set different sensitivity levels on those two types of data.

Different levels require different security and handling

  • We might want to add specific permissions that would only allow certain individuals to gain access to that data

  • Or perhaps there’s a different process to view the data depending on how sensitive the data might be.

  • And for very sensitive data, we might create a restricted area of the network where only specific individuals might gain access to that data

9
New cards

Data Classification

Based on very broad categories of data, we should be able to create different classifications and, therefore, different levels of access into this type of data.

  • We might have a classification of sensitive data.

    • This might include things that may be intellectual property, PII, or PHI. We could also have confidential data.

  • We could also have confidential data.

    • This would be something that is more sensitive, and you would need additional access to be able to view it.

  • If you’re working with the government, you probably have seen public or unclassified data, which describes information that anyone should be able to view.

    • If this data is a bit more sensitive, we might want to add an additional classification of private, classified, or restricted

    • Which means you might need additional rights and permissions, or you may need to sign a non-disclosure agreement just to have access to the data.

  • And anything that is classified as critical is data that should always be accessible.

    • This means that we should create processes and procedures to maintain the uptime and availability to that data.