Assets and Threats: Quiz 3

Security controls can be organized into three types: tec_________, ope___________, and man___________.

Technical control types include the many technologies used to protect assets. This includes encryption, authentication systems, and others.

The principle of least priv____________ is a security concept in which a user is only granted the minimum level of access and authorization required to complete a task or function.

The data lif_____________ is an important model that security teams consider when protecting information. It influences how they set policies that align with business objectives. It also plays an important role in the technologies security teams use to make information accessible.

In general, the data lifecycle has five stages. Each describe how data flows through an organization from the moment it is created until it is no longer useful:

col______ sto______ us______ arc______ des______

Data gove_________ is a set of processes that define how an organization manages information. gove_________ often includes policies that specify how to keep data private, accurate, available, and secure throughout its lifecycle.

Effective data governance is a collaborative activity that relies on people. Data governance policies commonly categorize individuals into a specific role:

Data ow__________: the person that decides who can access, edit, use, or destroy their information.

Data cus_________: anyone or anything that's responsible for the safe handling, transport, and storage of information.

Data ste__________: the person or group that maintains and implements data governance policies set by an organization.

p___ is any information used to infer an individual's identity. Personally identifiable information and refers to information that can be used to contact or locate someone.

??? stands for protected health information. In the U.S., it is regulated by the Health Insurance Portability and Accountability Act (HIPAA), which defines ??? as “information that relates to the past, present, or future physical or mental health or condition of an individual.” In the EU, ??? has a similar definition but it is regulated by the General Data Protection Regulation (GDPR).

sp____ is a specific type of pii that falls under stricter handling guidelines. The S stands for sensitive, meaning this is a type of personally identifiable information that should only be accessed on a need-to-know basis, such as a bank account number or login credentials.