CompTIA Security+ Section 7

82 Terms

1
What is data classification?
Data classification is the process of categorizing data based on its value to the organization and its sensitivity if disclosed.
2
Who determines the classification level of data?
The data owner decides the classification level of data.
3
What is considered sensitive data?
Sensitive data is information that, if accessed by unauthorized persons, could result in the loss of security or advantage to the organization.
4
What can happen if data is overclassified?
Overclassification of data can lead to unnecessary protection costs, additional personnel, and increased access controls.
5
What are the four common data classification levels for commercial businesses?
The four levels are public, sensitive, private, and confidential, ranked from lowest to highest.
6
What is public data?
Public data has no impact on the company if released and is typically shared openly, like on a website.
7
What is sensitive data?
Sensitive data may have minimal impact if released, such as internal financial data or unfinished projects.
8
What is private data?
Private data includes personal records, salary information, and other data used only internally within an organization.
9
What is confidential data?
Confidential data includes trade secrets, intellectual property, and information that can significantly affect the organization if disclosed.
10
What is critical data?
Critical data is extremely valuable and any breach of access could result in serious damage; it is highly restricted.
11
What are the five classification levels for governmental organizations?
The levels are unclassified, sensitive but unclassified, confidential, secret, and top secret, from lowest to highest.
12
What is unclassified data?
Unclassified data can be released to the public or accessed under the Freedom of Information Act.
13
What is sensitive but unclassified data?
Sensitive but unclassified data includes items like medical records or personal files that would impact individuals if disclosed but not national security.
14
What is confidential data in a government context?
Confidential data includes trade secrets or information that could harm national security if disclosed.
15
What is secret data?
Secret data includes military plans or other information that could severely damage national security if disclosed.
16
What is top secret data?
Top secret data includes extremely sensitive information, like weapon blueprints, that could gravely damage national security if exposed.
17
Why is data classification important?
Data classification helps prioritize protection efforts based on the value and sensitivity of the data, ensuring efficient use of resources.
18
What should an organization do with data after it’s no longer needed?
Organizations should follow defined policies for data retention and disposal, ensuring compliance with legal and regulatory requirements.
19
What is data ownership?
Data ownership is the process of identifying the person responsible for the confidentiality, integrity, availability, and privacy of the information assets.
20
Who is the data owner?
The data owner is a senior executive responsible for maintaining the confidentiality, integrity, and availability of the information asset.
21
What is the role of a data owner?
The data owner is responsible for labeling assets and ensuring they are protected with appropriate controls.
22
What is a data controller?
The data controller decides the purposes and methods of data storage, collection, and usage and guarantees the legality of these processes.
23
Who is accountable for privacy breaches?
The data controller is accountable for any breaches of privacy and cannot delegate this responsibility.
24
What is the role of a data processor?
A data processor is hired by the data controller to assist with tasks like collecting, storing, or analyzing the data, following the controller's instructions.
25
What is the role of a data steward?
The data steward ensures the quality of data and its metadata, making sure that data is appropriately labeled and classified.
26
What is a data custodian?
A data custodian is responsible for managing the system where data assets are stored, enforcing access control, encryption, and backup recovery measures.
27
Who could be a data custodian?
A system administrator is an example of a data custodian.
28
What is the role of a privacy officer?
The privacy officer oversees privacy-related data such as PII, SPI, or PHI, ensuring compliance with legal and regulatory frameworks and managing data retention, minimization, and sovereignty.
29
Who is responsible for a data breach?
The privacy officer is typically responsible for managing the consequences of a data breach, especially when user privacy is compromised.
30
Who should be the data owner in an organization?
The data owner should be someone from the business side who understands the data, not the IT department. They should be from the department that generates the information.
31
Who should own financial data?
The financial department or CFO should be the data owner for financial data, as they understand its context and classification.
32
What is data at rest?
Data at rest refers to data stored in databases, file systems, or other storage systems, not actively moving through the network or processes.
33
What is the risk of data at rest?
Data at rest is a prime target for threat actors, so it requires robust security measures like encryption to protect it.
34
What is encryption for data at rest?
Encryption converts readable data into coded data, ensuring that unauthorized users cannot access it without the decryption key.
35
What are the types of encryption for data at rest?
Types of encryption include full disk encryption, partition encryption, file encryption, volume encryption, database encryption, and record encryption.
36
What is full disk encryption?
Full disk encryption encrypts the entire hard drive, ensuring that data is encrypted when the system is off and decrypted when the user is logged in.
37
What is partition encryption?
Partition encryption encrypts specific partitions of a hard drive while leaving other partitions unencrypted.
38
What is file encryption?
File encryption encrypts individual files, often used to secure specific files, like sensitive data or codes.
39
What is volume encryption?
Volume encryption encrypts a set of selected files or directories to protect multiple items in a folder.
40
What is database encryption?
Database encryption secures data stored in a database and can be applied at the column, row, or table level.
41
What is record encryption?
Record encryption secures specific fields within a database record, protecting sensitive data for authorized users only.
42
What is data in transit?
Data in transit refers to data being actively moved from one location to another, such as across the internet or a private network.
43
What is the risk of data in transit?
Data in transit is vulnerable to interception and requires encryption methods to secure it during transfer.
44
What are the encryption methods for data in transit?
SSL/TLS, VPNs, and IPSec are used to encrypt data in transit and ensure secure communication over networks.
45
What is SSL/TLS?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over a network.
46
What is a VPN?
A VPN (Virtual Private Network) creates a secure connection over a less secure network, like the internet, to protect data during transmission.
47
What is IPSec?
IPSec (Internet Protocol Security) authenticates and encrypts each IP packet in a data stream to secure internet protocol communications.
48
What is data in use?
Data in use refers to data that is actively being created, retrieved, updated, or deleted; it is data currently being processed.
49
Why is data in use vulnerable?
Data in use is vulnerable because it must be decrypted for processing, creating opportunities for unauthorized access.
50
How can data in use be secured?
Data in use can be secured with encryption at the application level, access controls, and secure enclaves for isolated processing.
51
What is Intel Software Guard?
Intel Software Guard is a mechanism that encrypts data in memory to prevent untrusted processes from accessing it.
52
What is regulated data?
Regulated data is information controlled by laws, regulations, or industry standards, requiring specific security and privacy requirements.
53
What are examples of regulated data?
Examples of regulated data include personally identifiable information (PII), health records (PHI), and credit card information.
54
What is PII?
PII (Personally Identifiable Information) refers to any information that can identify an individual, such as names, social security numbers, and addresses.
55
Why is PII targeted?
PII is often targeted by cybercriminals, and its protection is mandated by privacy laws.
56
What is PHI?
PHI (Protected Health Information) refers to information about health status, healthcare provision, or payment for healthcare that can be linked to an individual.
57
What protects PHI?
PHI is protected under the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
58
What are trade secrets?
Trade secrets are confidential business information that provides a company with a competitive edge, such as manufacturing processes and proprietary software.
59
How are trade secrets protected?
Trade secrets are protected by law, and unauthorized disclosure can result in severe legal penalties.
60
What is intellectual property (IP)?
IP refers to creations of the mind, such as inventions, literary works, designs, and symbols, protected by patents, copyrights, and trademarks.
61
What is the importance of protecting intellectual property?
Unauthorized use of intellectual property can lead to legal action, protecting innovation and creativity.
62
What is legal information?
Legal information includes data related to legal proceedings, contracts, or regulatory compliance, which requires high protection to maintain confidentiality.
63
What is financial information?
Financial information refers to data related to financial transactions, such as sales records, invoices, and bank statements, and is often targeted by criminals.
64
Why is financial information protected?
Financial information is targeted by cybercriminals for fraud or identity theft, requiring robust security measures.
65
What regulations protect financial information?
Financial information is often subject to regulations like the PCI DSS (Payment Card Industry Data Security Standard).
66
What is human-readable data?
Human-readable data is information that can be understood directly by humans, such as text documents and spreadsheets.
67
What is non-human readable data?
Non-human readable data is information that requires a machine or software to interpret, such as binary code or machine language.
68
Why is non-human readable data important?
Non-human readable data still needs to be protected, as it can contain sensitive information.
69
What are geographic restrictions in data security?
Geographic restrictions, or geofencing, involve setting up virtual boundaries to restrict data access based on geographic location, helping to comply with data sovereignty laws and prevent unauthorized access from high-risk locations.
70
What is encryption in data security?
Encryption is the process of converting readable data (plaintext) into unreadable data (ciphertext) using an algorithm and an encryption key, ensuring that only authorized parties with the decryption key can access the original data.
71
What is hashing in data security?
Hashing is a technique that converts data into a fixed-size numerical or alphanumeric value, known as the hash value, and is used to store sensitive data like passwords and check file integrity. It is a one-way function, meaning it cannot be reversed.
72
What is data masking?
Data masking is the process of replacing some or all of the data in a field with a placeholder to conceal the original content, often used for de-identification while maintaining the original format.
73
What is tokenization in data security?
Tokenization replaces sensitive data with non-sensitive substitutes, known as tokens, while securely storing the original data in a separate database, often used in payment processing systems to protect credit card information.
74
What is obfuscation in data security?
Obfuscation involves making data unclear or unintelligible, using techniques such as encryption, data masking, or pseudonyms to make it difficult for unauthorized users to understand.
75
What is segmentation in data security?
Segmentation involves dividing a network into separate segments, each with its own security controls, preventing lateral movement of cyber criminals and limiting the damage from a breach.
76
What are permission restrictions in data security?
Permission restrictions involve defining who can access specific data and what actions they can perform, often managed through access control lists (ACL) or role-based access control (RBAC) to reduce internal data breaches.
77
What is data loss prevention (DLP)?
Data loss prevention is a system set up to monitor data while it’s in use, in transit, or at rest.
78
What is the purpose of endpoint DLP?
An endpoint DLP system is a piece of software installed on a workstation or laptop to monitor data in use and prevent unauthorized file transfers.
79
What does a network DLP system do?
A network DLP system is installed at the perimeter of a network to monitor data going in and out of the network.
80
What is storage DLP?
Storage DLP is software installed on servers in data centers to monitor data at rest and ensure unauthorized access doesn’t occur.
81
What is cloud-based DLP?
82
What is the function of DLP in general?
DLP systems monitor and enforce policies for data at rest, data in use, and data in transit to prevent unauthorized data loss and protect company assets.