Security+ Chapter 16 - Explain Privacy and Data Sensitivity Concepts
What is DLP?
Data Loss Prevention - Set of techniques and policies to ensure data is not compromised
You are preparing a briefing paper for customers on the organizational consequences of data and privacy breaches. You have completed sections for reputation damage, identity theft, and IP theft. Following the CompTIA Security+ objectives, what other section should you add?
Data and privacy breaches can lead legislators or regulators to impose fines. In some cases, these fines can be substantial (calculated as a percentage of turnover).
In order to keep data secure, you have to maintain security all the time. Name the 3 states data will be in.
Data at Rest, Data in Transit, Data in Use
To what data state does a trusted execution environment apply data protection?
Data in processing/data in use.
What range of information classifications could you implement in a data labeling project?
One set of tags could indicate the degree of confidentiality (public, confidential/secret, or critical/top secret). Another tagging schema could distinguish proprietary from private/sensitive personal data.
What is meant by PII?
Personally identifiable information is any data that could be used to identify, contact, or locate an individual.
Concerning data roles, what is the Data Custodian?
That is usually us; this role handles managing the system on which the data assets are stored.
What is the difference between the role of data steward and the role of data custodian?
The data steward role is concerned with the quality of data (format, labeling, normalization, and so on). The data custodian role focuses on the system hosting the data assets and its access control mechanisms.
You are reviewing security and privacy issues relating to a membership database for a hobbyist site with a global audience. The site currently collects account details with no further information. What should be added to be in compliance with data protection regulations?
The site should add a privacy notice explaining the purposes the personal information is collected and used for. The form should provide a means for the user to give explicit and informed consent to this privacy notice.
You take an incident report from a user trying to access a REPORT.docx file on a SharePoint site. The file has been replaced by a REPORT.docx.QUARANTINE.txt file containing a policy violation notice. What is the most likely cause?
This is typical of a data loss prevention (DLP) policy replacing a file involved in a policy violation with a tombstone file.
You are preparing a solution overview on privacy enhancing technologies based on CompTIA Security+ syllabus objectives. You have completed notes under the following headings. Which other report section do you need? Data minimization, Anonymization, Pseudo-anonymization, Data masking, Aggregation/Banding
Tokenization—replacing data with a randomly-generated token from a separate token server or vault. This allows reconstruction of the original data if combined with the token vault.
Concerning data roles, what is a Data Owner?
A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of the information asset.
Concerning data roles, what is the Data Steward?
This role is primarily responsible for data quality.
Concerning data roles, what is the Data Privacy Officer (DPO)?
This role is responsible for oversight of any personally identifiable information (PII) assets managed by the company.