Data Security Past Paper PDF (Exam 212-82)

Summary

This document is a chapter from a cybersecurity textbook, specifically on data security. It details the importance of data security, discusses various data security controls, and explains the processes of data backup, retention, and destruction. It also focuses on understanding and identifying business-critical data.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Data Security Module Flow 01 Understand Data Security and its Importance 9/4 ’ Y 02 4 03 w Discuss Data Backup, Retention, and Destruction 04 Discuss Various Data ,,,4. Discuss Data Loss Security Controls Prevention Concepts Understand Data Security and its Importance The objective of this section is to explain the importance of data security. The module also explains the three states of data, i.e., data at rest, data in use, and data in transit, and introduces various data security technologies. Module 15 Page 1746 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Data Security What X f é Exam 212-82 is Business Critical Data? O Data is the heart of any organization Q Critical data contains information that is important for business operation O Identification and classification of business-critical data is the first step in securing an organization’s data Examples of Critical Data 1 Accounting files 2 D atabases or any business-related i -rel data 3 The operating system files purchased with a computer, software, etc. Important office documents, spreadsheets, etc. 4 Software downloaded (purchased) 5 Contact Information (email address book) 6 PR Copyright © by What is Business o EC-Councll. All Rights Reserved. Reproductionis Strictly Prohibited Critical Data? Data is the heart of any organization. Critical data contains information that is important for business operation. Identification and classification of business-critical data is the first step in securing an organization’s data. Every organization has an abundance of data. An organization should identify their critical data or files. The criticality of data is based on its importance to the organization. This requires analyzing and deciding which information is more important for the organization to function properly. Critical data may consist of revenue, emerging trends, market plans, database, files including documents, can significantly affect the organization. spreadsheet, emails, etc. Loss of such critical data How Can Critical Data Be Identified? * Conduct a business impact analysis to determine the critical functions and data in an organization. critical data. = Identify processes and functions that depend on and co-exist with the Evaluate the impact of data damage on the business. Examples of Critical Data: » Accounting files * Databases or any business-related data * The operating system files purchased with a computer, software, etc. * |mportant office documents, = Software downloaded (purchased) from the Internet = = * Contact Information (email address book) Personal photos, music, and videos Any other critical file(s) spreadsheets, etc. Module 15 Page 1747 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Need for Data Security 0O Data is an organization’s ultimate asset, which attackers may interested in Q If an organization’s data is exposed or lost by any means, it can severely damage business and reputation Data Loss Risks in Business Environment 0 W | : : Loss/theft of laptops and mobile devices Corporate Data Unauthorized data transfer to USB devices 0 Effect T O Cause Improper sensitive data categorization O Data theft by employees/external i parties g T k 5 0 Brand damage and O Competitive advantage loss 0 Loss of customers o Market share loss o Shareholder value erosion Q Fines and civil penalties reputation loss Need for Data Security Data is an important asset for an organization, and it is essential to safeguard it from cybercriminals. If an organization’s data is exposed or lost by any means, it can damage the organization’s business and reputation to a great extent. Effect of data loss: Brand damage and reputation loss Competitive advantage loss Loss of customers Market share loss Shareholder value erosion Fines and civil penalties Litigation/legal actions Regulatory fines/sanctions Significant cost and effort to notify affected parties and recover from breach There are numerous causes for data loss, including Loss/theft of laptops and mobile devices Unauthorized data transfer to USB devices Improper sensitive data categorization Module 15 Page 1748 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security The = Data theft by employees/external parties = Printing and copying of sensitive data by employees = |Insufficient response to intrusions = Unintentional sensitive data transmission resulting data loss leads to loss of brand loyalty and trust, decreases the number of (0 customers, and affects market share and shareholder value, regulatory fines, legal proceedings, etc. Data breaches and cyberattacks have increased because of the expansion of computer networks; hence, data security is necessary to protect the data in an organization. R&D Customer Service Corporate Customer Data Data Sales Contractor Business Data Personally Identifiable Data HR, Legal Finance Transaction Data Figure 15.1: Business environment Module 15 Page 1749 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.