Chapter 5

Top Secret

(Grave Damage) The unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

Secret

(Serious Damage) The unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.

Confidential

(expected to cause Damage) The unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.

-

-

Purging

A more intense form of clearing that prepares media for reuse in less secure environments.

APT

Advanced Persistent Threat

Unclassified

Any data that doesn't meet one of the descriptions for top secret, secret, or confidential data. Within the US, unclassified data is available to anyone, though it often requires individuals to request the information using procedures identified in the Freedom of Information Act (FOIA).

Proprietary Data

Any data that helps an organization maintain a competitive edge.

Protected Health Information (PHI)

Any health-related information that can be related to a specific person.

Degaussing

Creates a strong magnetic field that erases data on some media in a process called degaussing.

Data Classification Civilian/Non-Government

Data Classification

Data Classification Government

Data Classification

Private

Data that should stay private within the organization but doesn't meet the definition of confidential or proprietary data. (In Civilian/Non-Government)

Destroying Sensitive Data

Destroying Sensitive Data

Data Classification

Identifies the value of the data to the organization and is critical to protect data confidentiality and integrity.

Declassification

Involves any process that purges media or a system in preparation for reuse in an unclassified environment.

Record retention

Involves retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed.

Sanitization

Is a combination of processes that removes data from a system or from media.

Nondisclosure Agreements (NDAs)

It's common for organizations to include when hiring new personnel.

Marking (often called labeling)

Marking Sensitive information ensures that users can easily identify the classification level of any data. Marking also includes using digital marks or labels.

"sensitive information"

Refers to any information that isn't public or unclassified.

Handling

Refers to the secure transportation of media through its lifetime.

Retaining Assets

Retaining Assets

Storing Sensitive Data

Sensitive data should be stored in such a way that it is protected against any type of loss. The obvious protection is encryption. As of this writing, AES 256 provides strong encryption and there are many applications available to encrypt data with AES 256.

Sensitive

Similar to confidential data. ((expected to cause Damage) The unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.)

Public

Similar to unclassified data. It includes information posted in websites, brochures, or any other public source. Although an organization doesn't protect the confidentiality of public data, it does take steps to protect its integrity.

Data remanence

The data that remains on a hard drive as residual magnetic flux.

Destruction

The final stage in the life cycle of media and is the most secure method of sanitizing media.

Confidential or Proprietary

The highest level of classified data. (In Civilian/Non-Government)

Degausser

generates a heavy magnetic field, which realigns the magnetic fields in magnetic media such as traditional hard drives, magnetic tape, and floppy disk drives.

Clearing

or overwriting, is a process of preparing media for reuse and assuring that the cleared data cannot be recovered using traditional recovery tools.

Identity Theft Resource Center (ITRC)

routinely tracks data breaches. They post reports through their website (www.idtheftcenter.org/) that are free to anyone. In 2014, they tracked 783 data breaches, exposing over 85 million records. This equated to approximately 15 data breaches a week and follows a trend of more data breaches every year.)

Data Loss Prevention (DLP) 'server'

server that detects the labels, and applies the required protection.

disintegrators

shred the SSDs to a size of 2 millimeters (mm) or smaller.

Erasing

simply performing a delete operation against a file, a selection of files, or the entire media.

solid state drives (SSDs)

use integrated circuitry instead of magnetic flux on spinning platters. Because of this, SSDs do not have data remanence and degaussing them won't remove data.