Prof Messer CompTIA Sec+ SY0-701 3.3

Last updated 10:25 PM on 5/27/26

26 Terms

1
data types

regulated

trade secret

intellectual property

legal info

2
regulated (data types)

- managed by 3rd party

- gov laws and statutes

3
trade secret (data types)

- org's secret formula

- often unique to an org

4
intellectual property (data types)

- may be publicly visible

- copyright and trademark restrictions

5
legal info (data types)

court records and docs

- any sensitive info or PII is usually stored in diff systems

6
financial info (data types)

company/personal financials, bank details, etc

7
human readable vs non human readable data

human readable

- data that humans can understand

- clear and obvious

non human readable

- data not easily understood by humans

- barcodes, images, etc

8
classifying sensitive data

diff categories of sensitive data require diff security and handling

- added permissions

- restricted network access

etc

9
data classifications

Proprietary

PII - Personally Identifiable Information

PHI - Protected Health Information

Public / Unclassified

Private / Classified / Restricted / Internal use only

Sensitive

Confidential

Critical - Data should always be available

10
Proprietary Data Classification

- Data that is the property of an organization

- May also include trade secrets

- Often data unique to an organization

11
PII (Personally Identifiable Information)

- Data that can be used to identify an individual

- Name, date of birth, mother's maiden name, biometric information

12
PHI - Protected Health Information

- Health information associated with an individual

- Health status, health care records, payments for health care, and much more

13
Sensitive data

- Intellectual property, PII, PHI

14
Critical data

- Data that should always be available

15
states of data

data at rest

data in transit/motion

data in use

16
data at rest

data on a storage device

- encrypt the data (whole or part)

- apply permissions

17
data in transit

data transmitted over the network

- not much protection as it travels

network based protection

- IPS, firewalls, etc

transport encryption

- TLS and IPsec

18
data in use

data being actively processed in memory

- data is almost always decrypted

attackers can pick the decrypted info out of RAM

19
data sovereignty

Data that resides in a country is subject to the laws of that country

laws may prohibit where data is stored

20
Geographic restrictions

network location

- ID based on IP subnet

- can be hard with mobile devices

geolocation

- determine a user's location

- GPS = very accurate

- 802.11 wireless = less accurate

- IP address = not very accurate

geofencing

- automatically allow or restrict access based on location

21
encryption (protecting data)

encode information into unreadable data

- original = plaintext

- encrypted = ciphertext

convert between one another using the right key

confusion

- encrypted data is very diff from plaintext

22
hashing (protecting data)

represent data as a short string of text

- message digest, fingerprint

impossible to recover original message from hash

can be used to verify downloaded files

can be a digital sig

- auth, non-repudiation, integrity

hashes should not have collisions

23
obfuscation (protecting data)

make something normally understandable very hard to understand

helps prevent the search for security holes

- not impossible tho

24
masking (protecting data)

type of obfuscation

hide some of the original data

may only be hidden from view

many diff techniques

25
tokenization (protecting data)

replacing sensitive data with a non-sensitive placeholder

common with credit card processing

not encryption or hashing

- the original data and token are NOT related

26
segmentation (protecting data)

separate the data into diff locations

- more secure

- 1 breach doesn't put everything at risk

sensitive data can have stronger security than other data