Data Protection (OBJ 1.4, 3.3, 4.2, 4.4, & 5.1)

Data Protection

• Process of safeguarding information from corruption, compromise, or loss

Data Classifications

• Types
  • Sensitive
  • Confidential
  • Public
  • Restricted
  • Private
  • Critical

Data Ownership Roles

• Data Owners
• Data Controllers
• Data Processors
• Data Custodians
• Data Stewards

Data States

• States

  • Data at rest
  • Data in transit
  • Data in use

• Protection Methods

  • Disk encryption
  • Communication tunneling

Data Types

• Examples
  • Regulated data
  • Trade secrets
  • Intellectual property
  • Legal information
  • Financial information
  • Human vs non-human readable data

Data Sovereignty

• Information subject to laws and governance structures within the nation it is collected

Securing Data Methods

• Geographic Restrictions
• Encryption
• Hashing
• Masking
• Tokenization
• Obfuscation
• Segmentation
• Permission Restriction

Data Loss Prevention (DLP)

• Strategy to prevent sensitive information from leaving an organization either intentionally or unintentionally