📉
Cybersec mit Shahid
  • Linux
    • Linux Basic to Advanced
    • Linux Hardening
      • Labs
        • Linux Hardening Labs - Making the /boot Volume Read-only
    • Linux Fundamentals
    • User Management
    • Linux PrivEsc
    • Package Management
    • Advanced Linux Programming
    • Linux Command Line Tools
    • Search
    • Ports
    • Troubleshooting
      • How to Fix sub-process /usr/bin/dpkg returned an error code (1) in Ubuntu
  • Windows
    • Windows Hardening
    • Windows Command Line Tools
    • System Hardening
    • Windows Server Update Services (WSUS)
    • Windows Commands
    • Harden Windows Hosts
  • ISO 27001
  • NIST
    • NIST SP 800-82
  • Ethical Hacking Stages
    • Cybersecurity Kill Chain
      • Labs
        • Linux Attack and Response Lab
        • Implementing a network policy server
        • Network Vulnerabilities
        • Analyze Malicious Activity in Memory Using Volatility
        • Scanning and Remediating Vulnerabilities with OpenVAS
        • Install and Configure Network Load Balancing
    • OSINT (Open Source Intelligence)
      • Sock Puppets
      • Google Dorking
      • Social Media OSINT
      • OSINT Advanced
    • Web Hacking Fundamentals
      • OWASP Top 10
        • Pickle Rick (Tryhackme)
        • Injection
        • Broken Authentication
    • Red Team and Blue Team
    • Walkthrough: Luanne
      • Archetype
    • MITRE ATT&CK Framework
      • SSH Authorized Keys
  • CompTIA Security+
    • Threats, Attacks and Vulnerabilities
    • Technologies and Tools
    • Architecture and Design
    • Identity and Access Management
      • Labs
    • Risk Management
      • Policies-Personnel
      • Business Impact Analysis
      • Risk Assessments
      • Incident Response
      • Forensics
      • Controls
      • Data Privacy
    • Cryptography and PKI
      • Cryptographic Hardware
  • Tools
    • NMAP
    • netcat
    • Nessus
    • Wireshark
    • Metasploit
    • Burpsuites
    • Splunk
    • PRTG
  • Ransomeware for Financial Gain
    • Spearphishing
      • Untitled
  • HTB
  • Personal Spaces
  • Python
    • Requests: HTTP
    • Python Advanced Topics
    • Python and Networking
    • Python Coverage
  • CySe Python Projects
    • DDOS Tool
    • Zip Cracker
    • Clipboard Copy
    • Keylogger
    • Port Scanner
    • Location Tracker
    • Replicating Virus
    • WiFi Extractor
    • NFC Cracker
  • Docker
    • Installing Docker and Docker Compose on Raspberry Pi
  • Docker Compose
  • Git
  • IoT Security
  • CPP
  • Networking
    • How exactly security key work and how their improvement over an OTP solution?
    • Securing Network Traffic
    • Network Scanning Python
  • Networking and Security Architecture with VMware NSX
  • Important Links
  • Security Certification
  • Notes
  • Group 1
    • Google Cloud Platform
Powered by GitBook
On this page
  • 5.8 Given a scenario, carry out data security and privacy practices
  • Data Security and Privacy

Was this helpful?

  1. CompTIA Security+
  2. Risk Management

Data Privacy

5.8 Given a scenario, carry out data security and privacy practices

Labelling of data

Classification

Responsibility

Data Security and Privacy

  • Data Sensitivity labelling and Handling

    • Data / information classified according to its value and level of sensitivity

    • The appropriate level of security can be applied

    • Process should be

      • Easy to apply

      • Consistent

      • Visible

    • Data Sensitivity Classifications

      • Public / unclassified - no harm if disclosed

      • Confidential - Limited harm if disclosed

      • Secret - Grave harm if disclosed

      • Proprietary - Information regarding people

    • Sensitive Data Types - Legal

      • PII - Personally Identifiable Information

        • Data that identifies or is traceable to a specific individual

        • Name, Social Security Number, Biometric, Address

        • see NIST SP800-122

      • PHI- Protected (or personal) health Information

        • HIPAA: any information about health status, provision of health care, or payment for health care that is created or collected by a "Covered Entity" that can be linked to a specific individual.

  • Data Roles

    • Data Owner

    • Data Custodian

    • Privacy Officer

  • Data retention

    • US Federal Rules of Civil Procedure (FRCP)

    • Keep information for only as long as you need it and no longer

    • Set in a Data Protection Policy

  • Legal and Compliance

  • Data Disposal. destruction, and Media Sanitization

    • Properly disposing of data and associated hardware

    • Trusting third parties for destruction

    • Observe destruction process

    • Transportation to destruction facility

    • Use of media after destruction

    • Best Practices is to combine methods

      • Burning - use of heat or fire. Not environmental friendly

      • Shredding- Reduces the size of objects with the intent of making them no longer usable. Items may stil be re-assembled

      • Pulping- Reduces paer to liquid slirry. Can the be safely recycled.

      • Pulverizing - Using hydraulic or pneumatic action to reduce the materials to loose fibres and shards. Disadvtage high cost

      • Degaussing- Using a large magnet to remove data from magnetic storage media such as hard drives and magnetic tapes

      • Purging- Removing files and all traces of data. Sanitization

      • Wiping- Overwriting data. Data is replaced (often with random 0's & 1's) and then removed.

PreviousControlsNextCryptography and PKI

Last updated 2 years ago

Was this helpful?