
Domain 2. Asset Security
18/04/2020 - Rev. 779

A. Information Life Cycle
1. Acquisition
2. Use
3. Archival
4. Disposal
Backup: A data backup is a copy of a data set currently in use that is made for the purpose of recovering from the loss of the original data.
Archive: A data archive is a copy of a data set that is no longer in use, but is kept in case it is needed at some future point.

B. Classification
Classification Levels
Each classification level should have its own handling and destruction requirements.
EXAM TIP An information asset can be either the data, the device on which it is stored and used, or both.
commercial business
• Confidential
• Private
• Sensitive
• Public
military purposes
• Top secret
• Secret
• Confidential
• Sensitive but unclassified
• Unclassified
Criteria parameters for determining the sensitivity of data
• The usefulness of data
• The value of data
• The age of data
• The level of damage that could be caused if the data were disclosed
• The level of damage that could be caused if the data were modified or corrupted
• Legal, regulatory, or contractual responsibility to protect the data
• Effects the data has on security
• Who should be able to access the data
• Who should maintain the data
• Who should be able to reproduce the data
• Lost opportunity costs that could be incurred if the data were not available or were
Classification Controls
Classification Procedures
1. Define classification levels.
2. Specify the criteria that will determine how data is classified.
3. Identify data owners who will be responsible for classifying data.
4. Identify the data custodian who will be responsible for maintaining data and its security level.
5. Indicate the security controls, or protection mechanisms, required for each classification level.
6. Document any exceptions to the previous classification issues.
7. Indicate the methods that can be used to transfer custody of the information to a different data owner.
8. Create a procedure to periodically review the classification and ownership. Communicate any changes to the data custodian.
9. Indicate procedures for declassifying the data.
10. Integrate these issues into the security awareness program so all employees understand how to handle data at different classification levels.

C. Layers of Responsibility
EXAM TIP Senior management always carries the ultimate responsibility for the organization.
Executive Management
Chief Executive Officer has the day-to-day management responsibilities of an
The CEO can delegate tasks, but not necessarily responsibility.
Chief Financial Officer
chief information officer: The CIO sets the stage for the protection of company assets and is ultimately responsible for the success of the company security program.
chief privacy officer (CPO)
chief security officer (CSO) is responsible for understanding the risks that the company faces and for mitigating these risks to an acceptable level.
CISO
Data Owner: Data ownership takes on a different meaning when outsourcing data storage requirements.
Data Custodian is responsible for maintaining and protecting the data.
System Owner is responsible for one or more systems.
Security Administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise.
Supervisor (user manager) is ultimately responsible for all user activity and any assets created and owned by these users.
Change Control Analyst is responsible for approving or rejecting requests to make changes to the network, systems, or software.
Data Analyst is responsible for ensuring that data is stored in a way that makes the most sense to the company and the individuals who need to access and work with it.
User is any individual who routinely uses the data for work-related tasks.
Auditor is to periodically check that everyone is doing what they are supposed to be doing and to ensure the correct controls are in place and are being maintained securely.

D. Retention Policies
Developing a Retention
• What data do we keep?
• How long do we keep this
• Where do we keep this data?
How We Retain
• Taxonomy: A taxonomy is a scheme for classifying data. This classification can be made using a variety of categories,
• Classification
• Normalization
• Indexing
How Long We Retain
What Data We Retain
e-Discovery: Discovery of electronically stored information (ESI), or
Electronic Discovery Reference Model (EDRM)
1. Identification of data required under the order.
2. Preservation of this data to ensure it is not accidentally or routinely destroyed while complying with the order.
3. Collection of the data from the various stores in which it may be.
4. Processing to ensure the correct format is used for both the data and its metadata.
5. Review of the data to ensure it is relevant.
6. Analysis of the data for proper context.
7. Production of the final data set to those requesting it.
8. Presentation of the data to external audiences to prove or disprove a claim.

E. Protecting Privacy
Data Owners
Data Processors
Data Remanence
• Erasing: delete operation against a file. The actual data remains on the drive.
• Clearing/Overwriting: Overwriting data entails replacing the 1’s and 0’s that represent it on storage media with random or fixed patterns of 1’s and 0’s.
• Purging: repeat the clearing process multiple times
• Degaussing: Use a strong magnetic field
• Sanitization: for declassification
• Destruction: Final stage in the lifecycle of media
• Declassification
• Encryption
Limits on Collection

F. Protecting Assets
Data Security Controls
Data at Rest
NIST Special Publication 800-111, “Guide to Storage Encryption Technologies for End User
The solution to protecting data in such scenarios is as simple as it is ubiquitous: encryption.
Data in Motion
TLS
VPNs
man-in-the-middle (MitM)
Data in Use
side-channel attacks
Heartbleed
Meltdown
loopholes
Spectre
BranchScope
Media Controls
Media should be clearly marked and logged, its integrity should be verified, and it should be properly erased of data when no longer needed.
Clearing is acceptable when media will be reused in the same physical environment for the same
Dumpster diving is the practice of searching through trash at homes and businesses to find valuable information.
Media management
• Tracking (audit logging)
• Effectively implementing access controls
• Tracking the number and location of backup versions
• Documenting the history of changes to media.
• Ensuring environmental conditions do not endanger
• Ensuring media integrity
• Inventorying the media on a scheduled basis
• Carrying out secure disposal activities.
• Internal and external labeling
• Date created
• Retention period
• Classification level
• Who created it
• Date to be
• Name and version
Protecting Mobile Devices
• Inventory all mobile devices, including serial numbers, so they can be properly identified if they are stolen and then recovered.
• Harden the operating system by applying baseline secure configurations.
• Password-protect the BIOS on laptops.
• Register all devices with their respective vendors, and file a report with the vendor when a device is stolen.
• Do not check mobile devices as luggage when flying. Always carry them on with you.
• Never leave a mobile device unattended, and carry it in a nondescript carrying case.
• Engrave the device with a symbol or number for proper identification.
• Use a slot lock with a cable to connect a laptop to a stationary object whenever possible.
• Back up all data on mobile devices to an organizationally controlled repository.
• Encrypt all data on a mobile device.
• Enable remote wiping of data on the device.
Paper Records
• Educate your staff on proper handling of paper records.
• Minimize the use of paper records.
• Ensure workspaces are kept tidy so it is easy to tell when sensitive papers are left exposed, and routinely audit workspaces to ensure sensitive documents are not
• Lock away all sensitive paperwork as soon as you are done with it.
• Prohibit taking sensitive paperwork home.
• Label all paperwork with its classification level. Ideally, also include its owner’s name and disposition (e.g., retention) instructions.
• Conduct random searches of employees’ bags as they leave the office to ensure sensitive materials are not being taken home.
• Destroy unneeded sensitive papers using a crosscut shredder. For very sensitive papers, consider burning them instead.
Safes
• Wall safe: Embedded into the wall and easily hidden
• Floor safe: Embedded into the floor and easily hidden
• Chests: Stand-alone safes
• Depositories: Safes with slots, which allow the valuables to be easily slipped
• Vaults: Safes that are large enough to provide walk-in access

G. Data Leakage
The costs commonly
• Investigating the incident and remediating the problem
• Contacting affected individuals to inform them about the
• Penalties and fines to regulatory agencies
• Contractual liabilities
• Mitigating expenses (such as free credit monitoring services for affected individuals)
• Direct damages to affected individuals
encrypt
steganography
Data Leak Prevention (DLP)
General Approaches to DLP
Data Inventories
Data Flows
Data Protection Strategy
some key areas
• Backup and recovery
• Data life cycle
• Physical security
• Security culture
• Privacy
• Organizational change
Implementation, Testing, and
comparing competing products
• Sensitive data
• Policy engine
• Interoperability
• Accuracy
DLP Resiliency: Resiliency is the ability to deal with challenges, damage, and crises and bounce back to normal or near-normal condition in short order.
Network DLP (NDLP) applies data protection policies to data in
Endpoint DLP (EDLP) applies protection policies to data at rest and data in use.
Hybrid DLP
