Put it to Work: Quiz 1

A security mindset is the ability to evaluate risk and constantly seek out and identify the potential or actual bre_________ of a system, application, or data.

This data classification does not need extra security protections. pub______ data is already accessible and poses a minimal risk to the organization if viewed or shared by others. Although this data is open , it still needs to be protected from security attacks. Example include press releases, job descriptions, and marketing materials.

This data classification type has a higher security level. pri_______ data is information that should be kept from the public. If an individual gains unauthorized access to this data, that event has the potential to pose a serious risk to an organization.

sens_________ data includes personally identifiable information (PII), ssens_________ personally identifiable information (SPII), and protected health information (PHI). Examples of these types of sens_________ data are banking account numbers, usernames and passwords, social security numbers (which U.S. citizens use to report their wages to the government), passwords, passport numbers, and medical information.

This data classification type is important for an organization’s ongoing business operations. confi________ data often has limits on the number of people who have access to it. Access to confi________ data sometimes involves the signing of non-disclosure agreements (NDAs)— legal contracts that bind two or more parties to protect information—to further protect the confidentiality of the data.

Asset classi___________ means labeling assets based on sensitivity and importance to an organization. The classi___________ of an organization's assets ranges from low- to high-level.

• The first step in the information lifecycle is to id__________ the important assets to the company, including sensitive customer information such as PII, financial information, social security numbers, and EINs. 

The second step is to assess the security measures in place to prot________ the identified assets and review the company’s information security policies. There are different components to this step, ranging from vulnerability scanning to reviewing processes and procedures that are already in place. Juliana is new to the company and might not be ready to conduct vulnerability scans.

• The third step of the information lifecycle is to prot__________ the identified assets of the organization. Once again, this is only Juliana’s first day on the job. She asks her supervisor if she can observe a more senior security analyst for a day. This will give her the opportunity to learn how the security team monitors the company’s systems and network.

The last step of the security lifecycle is to mon_________ the security processes that have been implemented to protect the organization’s assets. She contacts her supervisor and gives them a detailed report of what she has learned on her first day. She requests to finish her day by monitoring a few of the systems that are in place. Her supervisor is impressed with her initiative and prepares Juliana to monitor the security systems. What a great first day for Juliana!