Chapter 3 Data Classification


What should the Data Audit Policy include descriptions of?

Audit periods; audit scope; audit responsibilities (internal and/or external); audit processes and procedures; applicable regulations; monitoring, maintenance, and enforcement.

What is Fair Use: News Reporting?

Because an informed populace is essential to a free society, we have waived some intellectual property protections for reporting purposes.

Challenges of DRM in the Cloud: Mapping Identity and Access Management (IAM) and DRM

Because of the extra layer of access control (often involving content-specific Access Control Lists (ACLs)), the DRM IAM processes might conflict or not work properly with the enterprise/cloud IAM. This is even truer when cloud IAM functions are outsourced to a third party, such as a cloud access security broker (CASB).

Challenges of DRM in the Cloud: API Conflicts

Because the DRM tool is often incorporated into the content, usage of the material might not offer the same level of performance across different applications, such as content readers or media players.

What is Data Analytics discovery methods?

Creates new data feeds from sets of data already existing within the environment

What is the sole pragmatic option for data disposal in the cloud?

Cryptoshredding

Challenges of DRM in the Cloud: Replication Restrictions

Because DRM often involves preventing unauthorized duplication, and the cloud necessitates creating, closing, and replicating virtualized host instances (including user-specific content stored locally on the virtual host), DRM might interfere with automatic resource allocation processes.

Challenges of DRM in the Cloud: Agent/Enterprise Conflicts

DRM solutions that require local installation of software agents for enforcement purposes might not always function properly in the cloud environment, with virtualization engines, or with the various platforms used in a bring your own device (BYOD) enterprise.

What is the Criticality classification of information?

Data that is deemed critical to organizational survival might be classified in a manner distinct from trivial, basic operational data. As we know from previous lessons, the BIA helps us determine which material would be classified this way.

What is Retention period?

Defines how long the data should be kept by an organization and is often expressed in a number of years.

What is the Functional Unit information category?

Each department or office might have its own category, and keep all data it controls within its own category.

What is Fair Use?

Exceptions to copyright exclusivity

DRM Functions: Replication Restrictions

Much of the purpose of DRM is to restrict illegal or unauthorized duplication of protected content. Therefore, DRM solutions should enforce these restrictions across the many forms of copying that exist, to include screen-scraping, printing, electronic duplication, email attachments, and so on.

What is Overwriting?

Multiple passes of random characters are written to the storage areas (particular disk sectors) where the data resides, with a final pass of all zeroes or ones. This can be extremely time-consuming for large storage areas.

What is the Business Function information category?

The organization might want to have specific categories for different uses of data. Perhaps the data is tagged based on its use in billing, marketing, or operations.

What is a Trademark?

Protects the esteem and goodwill that an organization has built among the marketplace, especially in public perception.

What is Datamining?

Refers to a kind of data analysis which is an outgrowth of the possibilities offered by the regular use of the cloud, also known as "big data."

What is Data Classification?

Refers to the responsibility of the data owner which takes place in the Create phase and is assigned according to an overall organizational motif based on a specific characteristic of the given dataset.

Applications of Digital Rights Management (DRM): Online Reference Checks

Requires users to enter a product key at installation. The program then later checks the product key against an online database when the system is connected to the internet.

What is Fair Use: Scholarly Research?

Similar to academic fair use, but among researchers instead of teachers and students.

What are Digital Rights Management (DRM) tools?

Solutions that protect intellectual property.

What is the by project information category?

Some organizations might define datasets by the projects they are associated with, as a means of creating discrete, compartmentalized projects.

What is Fair Use: Personal Backup?

Someone who has legally purchased a licensed work may make a single backup copy for themselves, for use if the original fails. This explicitly includes computer programs.

What is Agile Business Intelligence?

State-of-the-art datamining involves recursive, iterative tools and processes that can detect trends in trends, and identify even more oblique patterns in historical and recent data.

DRM Functions: Automatic Expiration

The DRM protections should cease when the legal protections cease. Conversely, licenses also expire; access and permissions for protected content should likewise expire, no matter where that content exists at the end of the license period.

DRM Functions: Continuous Auditing

The DRM should allow for comprehensive monitoring of the content's use and access history.

DRM Functions: Persistent Protection

The DRM should follow the content it protects, regardless of where that content is located, whether it is a duplicate copy or the original file, or how it is being utilized. The protection should not be rendered useless through simple operation in the production environment.

DRM Functions: Dynamic Policy Control

The DRM tool should allow content creators and data owners to modify ACLs and permissions for the protected data under their control.

Challenges of DRM in the Cloud: Jurisdictional Conflicts

The cloud extends across boundaries and borders, often in a manner unknown or uncontrolled by the data owner, which can pose problems when intellectual property rights are restricted by locale.

Applications of Digital Rights Management (DRM): Rudimentary Reference Checks

The content itself can automatically check for proper usage or ownership.

What is Jurisdiction?

The geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled.

What is the Jurisdiction classification of information?

The geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled. For instance, Personally Identifiable Information (PII) data gathered from citizens of the European Union (EU) is subject to the EU privacy laws, which are much more strict and comprehensive than privacy laws in the United States.

What is a Patent?

The legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life.

What is Copyright?

The legal protection for expressions of ideas is known as copyright, and it doesn't include: ideas, specific words, slogans, recipes, formulae.

Data Retention Policy: Data Classification

The organization should have an overarching data classification policy that serves as guidance for data creators, owners, curators, and users, describing how and when data should be classified, and security procedures and controls for handling the various classifications (as well as enforcement mechanisms for dealing with policy infractions).

In most cases who is the data owner?

The organization that has collected or created the data. We often assign a specific data owner as being the individual with rights and responsibilities for that data; this is usually the department head or business unit manager for the office that has created or collected a certain dataset. From a cloud perspective, the cloud customer is usually the data owner. Many international treaties and frameworks refer to the data owner as the data controller. Data owners remain legally responsible for all data they own. This is true even if data is compromised by a data custodian several times removed from the data owner.

DRM Functions: Remote Rights Revocation

The owner of the rights to specific intellectual property should have the ability to revoke those rights at any time; this capability might be used as a result of litigation or infringement.

What does the data disposal policy need to describe?

The process for data disposal; applicable regulations; clear direction of when data should be destroyed.

What is Datamining?

The term for the family of activities that the other options on this list derive from. This kind of data analysis is an outgrowth of the possibilities offered by regular use of the cloud, also known as "big data." When the organization has collected various data streams and can run queries across these various feeds, the organization can detect and analyze previously unknown trends and patterns that can be extremely useful.

What is a Critique?

The work may be reviewed or discussed for purposes of assessing its merit, and portions of the work may be used in these critical reviews.

What is Cryptoshredding (AKA Cryptographic Erasure)?

This involves encrypting the data with a strong encryption engine, and then taking the keys generated in that process, encrypting them with a different encryption engine, and destroying the keys.

What is the sensitivity classification of information?

This is the classification model used by the military. Data is assigned a classification according to the sensitivity of the data, based on the negative impact an unauthorized disclosure would cause. In models of this kind, classification must be assigned to all data, even in the negative, so material that is not deemed to be sensitive must be assigned the "unclassified" label.

What is Metadata-based discovery method?

Used to collect all matching data elements for a certain purpose

What is Content-based discovery methods?

Used to locate and identify specific kinds of data by delving into the datasets.

What is Label-Based data discovery method?

Used when the discovery effort is considered in response to a mandate with a specific purpose

Applications of Digital Rights Management (DRM): Local Agent Checks

a reference tool that checks the protected content against the user's license.

What is Data Discovery?

A term that can be used to refer to several kinds of tasks: it might mean that the organization is attempting to create that initial inventory of data it owns; that the organization is involved in electronic discovery ("ediscovery," the legal term for how electronic evidence is collected as part of an investigation or lawsuit); it can also mean the modern use of datamining tools to discover trends and relations in the data already in the organization's inventory.

Data Retention Policy: Applicable Regulation

Can be mandated by statute or contract; the retention policy should refer to all applicable regulatory guidance. This is especially true in cases where there is conflicting regulation; the policy should then also highlight any such disparity, and include mention of senior management's decision for how to approach and resolve this conflict with the policy as an appropriate mechanism. The policy should then explicitly state the conflicting periods, as well as the period senior management determined as the solution.

What is Real-time analytics?

datamining functionality concurrently with data creation and use. These tools rely on automation and require efficiency to perform properly.

Data Retention Policy: Retention Formats

Description of how the data is actually archived, that is, what type of media it is stored on, and any handling specifications particular to the data. The policy should include a description of the encryption engine, key storage and retrieval procedures, and reference to the applicable regulation(s).

What are Patents?

The legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life. Typically last for 20 years from the time of the patent application.

What are the phases in order of The Data Life Cycle?

1. Create 2. Store 3. Use 4. Share 5. Archive 6. Destroy

How long do copyrights typically last?

70 years after the author's death or 120 years after the first publication of a work for hire.

What is Fair Use: Satire?

A mocking sendup of the work may be created using a significant portion of the original work.

What is Retention format?

A policy that contains a description of how the data is actually archived, that is, what type of media it is stored on.

What is a Data audit?

A powerful tool to regularly review, inventory, and inspect usage and condition of the information that an organization owns

Data Retention Policy: Monitoring, Maintenance, and Enforcement

As with all policies in the organization, the policy should list, in detail, how often the policy will be reviewed and amended, by whom, consequences for failure to adhere to the policy, and which entity within the organization is responsible for enforcement.

Data Retention Policy: Archiving and Retrieval Procedures

Having data in storage is useful; stored data can be used to correct production errors, can serve as business continuity and disaster recovery (BC/DR) backups, and can be datamined for business intelligence purposes. But stored data is only useful if it can be retrieved and put back into production in an efficient and cost-effective manner. The policy should include a detailed description of the processes both for sending data into storage and for recovering it. This element of the policy (the detailed processes) might be included as an attachment or mentioned by reference to the actual documentation for the processes; the processes might require more frequent updates and editing than the policy and could be kept separate.

Data Retention Policy: Retention Periods

How long the data should be kept by the organization. This usually refers to data that is being archived for long-term storage, that is, data not currently being used in the production environment. Often expressed in a number of years and is frequently set by regulation or legislation (see the next item). Can also be mandated or modified by contractual agreements.

What is Academic Fair Use?

Instructors can make limited copies or presentations of copyrighted works for educational purposes.

What is Cryptoshredding?

Involves encrypting the data with a strong encryption engine, and then taking the keys generated in that process, encrypting them with a different encryption engine, and destroying the keys.

In most cases who is the data custodian?

Is any organization or person who manipulates, stores, or moves the data on behalf of the data owner. Within the organization, a data custodian might be a database administrator. In the cloud context, the data custodian is usually the cloud provider. From an international perspective, the data custodian is also known as the data processor. Data custodians do not necessarily all have direct relationships with data owners; custodians can be third parties, or even further removed down the supply chain.

What is copyright?

Legal protection for the tangible expressions of ideas. In the US it is granted to anyone who first creates an expression of an idea. Usually involves literary works, films, music, software, and artistic works. Does not cover ideas, specific words, slogans, recipes or formulae.

What is Fair Use: Library Preservation?

Libraries and archives are allowed to make limited numbers of copies of original works in order to preserve the work itself.

What are Trade Secrets?

Intellectual property that involves many of the same aspects as patented material: processes, formulas, commercial methods, and so forth. They can also include some things that aren't patentable, such as aggregations of information (this might include lists of clients or suppliers, for instance). Also somewhat like copyrights in the United States, in that protections for them exist upon creation, without any additional requirement for registration. They must be secret. They cannot be disclosed to the public, and efforts must be made to maintain secrecy in order to keep this legal protection. Lasts into perpetuity, as long as the owner is still using it in commercial activity.

What is a Trademark?

Intended to be applied to specific words and graphics. Are representations of an organization: its brand. Meant to protect the esteem and goodwill that an organization has built among the marketplace, especially in public perception. Can be the name of an organization, or a logo, a phrase associated with an organization, even a specific color or sound, or some combination of these. Last into perpetuity, as long as the owner continues to use them for commercial purposes.

What is Degaussing?

involves applying strong magnetic fields to the hardware and media where the data resides, effectively making them blank. It does not work with solid-state drives.

What is Fair Use: Versions for People with Physical Disabilities?

it is legal to make specialized copies of licensed works for use by someone with a disability. This could, for instance, include making a Braille or audio copy of a book for use by the blind.

What is the Regulatory Compliance information category?

The organization may want to create categories based on which regulation(s) apply to a specific dataset. This might include Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley (SOX), and/or Health Insurance Portability and Accountability Act (HIPAA) compliance.

Applications of Digital Rights Management (DRM): Support Based Licensing

predicated on the need of continual support for content; this is particularly true of production software. Licensed software might be allowed ready access to updates and patches, while the vendor could prevent unlicensed versions from getting this type of support.

Applications of Digital Rights Management (DRM): Presence of Licensed Media

Require the presence of licensed media, such as disks, in the system while the content is being used. The DRM engine is on the media, often installed with some cryptographic engine that identifies the unique disk and the licensed content, and allows usage based on that relationship.

What should data labeling do?

Should indicate who the data owner is, usually in terms of the office or role, instead of an individual name or identity (because, of course, personnel can change roles with an organization, or leave for other organizations). Should take whatever form is necessary for it to be enduring, understandable, and consistent. Should be evident and communicate the pertinent concepts without necessarily disclosing the data they describe. Might include the following kinds of information: date of creation; date of scheduled destruction/disposal; confidentiality level; handling directions; dissemination/distribution instructions; access limitations; source; jurisdiction; applicable regulations.

