These flashcards cover key concepts and definitions related to data governance, security protocols, data handling, and related agreements.
Data Governance
The process of managing the availability of data, defining how data can be used, identifying who can access the data, and determining how the data is secured.
Data Loss Prevention (DLP)
Policies, procedures, and technology put in place to ensure data is only accessible to appropriate people while protecting it from corruption, exfiltration, or misuse.
Confidential Data
Data that is material to the operations of a business or government organization and is restricted from general knowledge.
Sensitive Data
Data that requires additional consideration regarding its treatment, often including items like social security numbers.
Private Data
A collective term for sensitive or confidential data that belongs to an individual or company but is collected and used by someone else.
Data at Rest
Data that is neither being actively used nor being transferred.
Data in Transit
Data that is actively being transferred between computer systems.
On-Path Attack
An attack where the threat actor makes an independent connection between two victims and can modify traffic.
Data Leakage
The unauthorized transfer of data from inside an organization to a destination outside its secured boundary.
Data Exfiltration
Any type of unauthorized data theft.
Data Retention
The process an organization uses to maintain control over certain data in order to comply with policies and laws.
Retention Policies
Dictates how long information needs to be kept available on backup and archive systems.
Personally Identifiable Information (PII)
One of the most common categories of private data, subject to many regulations.
Personal Information (PI)
Information that identifies, relates to, or could be linked to a particular individual or household.
Personal Health Information (PHI)
Information collected by healthcare professionals to identify an individual and determine care.
Payment Card Industry (PCI) Data
Any data related to a payment card, such as cardholder names and credit card numbers.
Data Sovereignty
The concept that the country where data is stored has legal control over that data.
Jurisdiction
The official power to make legal decisions and judgments.
Data Use Agreement
A legal agreement specifying what data will be shared and how it can be used.
Nondisclosure Agreement (NDA)
Defines the conditions under which an entity cannot disclose information to outside parties.
Acceptable Use Agreement
Describes how data can be used and for what purpose.
Memorandum of Understanding (MOU)
An acceptable use agreement that establishes the rules of engagement between two parties.
Data Encryption
The process of converting data into unreadable text using algorithms.
IPsec (Internet Protocol Security)
A network protocol suite used to secure data through authentication and encryption.
Symmetric Cryptography
A two-way encryption scheme where both encryption and decryption use the same key.
Data Masking
A security technique to hide data by modifying it without revealing its original value.
Data Pseudonymization
A technique that replaces or removes identifying information in a data set.
Data Anonymization
The process of removing personally identifiable information to keep individuals anonymous.
Data Discovery
The process of identifying data sets requiring protection versus those that can remain unchanged.
Logical Destruction
A process that targets data in memory storage for complete destruction while maintaining physical integrity.
Block Erase
A technique specifically for SSDs to fully erase memory blocks.
Cryptographic Erase
A technique that erases or replaces the media encryption key, making encrypted data illegible.
Physical Destruction
The act of damaging a digital storage device to make data unrecoverable.
Degaussing
A destruction method that scrambles information with a strong electromagnetic field.
Change Management
The controlled identification and implementation of required changes within a database.
Capacity Planning
Estimating resources required over future periods for hardware, software, and personnel.
Vulnerability Remediation Plan
A plan that addresses the discovery, elimination, and monitoring of vulnerabilities.
Authentication
The process of verifying if someone is who they say they are.
Authorization
Providing an authenticated user permission to access specific resources.
Multifactor Authentication (MFA)
Authentication requiring at least two different categories of factors.
Identity and Access Management (IAM)
Processes and technologies for the central management of digital identities.
Schema
A distinct namespace for the management and ownership of database objects.
Least Privilege
A principle stating that users should have the minimum rights necessary to perform their role.
Authorization Creep
A situation where a user gradually acquires more rights than necessary for their job.
Password Policy
A set of rules to enhance security by encouraging proper password usage.
Service Account
A digital identity used by applications to interact with other applications.
Physical Access Controls
Controls that restrict and monitor access to specific physical areas or assets.
Video Surveillance
Security control that uses cameras to monitor activities in a certain area.
Cooling Systems
Mechanical systems used to maintain a temperature lower than the ambient temperature.
HVAC
Control systems that maintain optimal heating, cooling, and humidity levels.
Firewall
A security tool that filters network traffic based on defined rules.
Perimeter Network (DMZ)
Architectural element that provides logical security between network segments.
Port Security
Prevents a device from communicating on the network unless it matches a given MAC address.