Data Security Exam 212-82 PDF

Summary

This document discusses different data security controls, including data masking techniques, database deidentification methods, and data breach notifications. The document explains the process of masking data, tokenization, hashing, and methods of segregating personal data for protection. The document addresses data breach escalation and public disclosures.

Full Transcript

Certified Cybersecurity Technician Data Security Exam 212-82 Data Masking Tools DATPROF PRIVACY https://www.datprof.com 4 / 4 — y Informatica Persistent Data https://www.informatica.com IBM InfoSphere Optim Data Privacy < IRI FieldShield BMC Compuware ‘ https://www.ibm.com NextLabs https://www.nextlabs.com https://www.iri.com https://www.bmc.com Subsetting Pack https.//www.oracle.com , 7 Masking Oracle Data Masking and - / Delphix https://www.delphix.com J |, All Rights Reserved. Reproduction Is Strictly Prohibited. Data Masking Tools Data masking tools avoid any misuse of complex information and eliminate complex data with false data. The most common tools for masking data for small-, large-, and mid-sized enterprises are as follows: = DATPROF PRIVACY (https://www.datprof.com) = Informatica Persistent Data Masking (https.//www.informatica.com) = |RI FieldShield (https://www.iri.com) = BMC Compuware (https://www.bmc.com) » OQOracle Data Masking and Subsetting Pack (https://www.oracle.com) * |BM InfoSphere Optim Data Privacy (https://www.ibm.com) » NextlLabs (https://www.nextlabs.com) = Delphix (https://www.delphix.com) Module 15 Page 1840 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Data Security Exam 212-82 Database Deidentification Methods O Deidentification is the process of segregating or replacing an entity’s personal identity from the data stored in a database Masking > 0 ltis the process of > in database fields with special characters such as asterisks (*) and hashes (#) 02 > Itis the process of lItisthe process of ina field with arbitrary tokens. These tokens act as a replacement for encryption keys » with some common values Hashing is the process of with a unique fixed string length using hashing algorithms such as MD5 and SHA Salting is the process of (salt) to a hashed field in a table. It increases complexity and the difficulty of retrieving the hashes b 4 Database y Deidentification Methods Deidentification is the process of segregating or replacing an entity’s personal identity from the data stored in a database. It is important to remove or change personal identifiers from the data before sharing with third parties or keeping aside for reuse. Common personal identifiers include names, phone numbers, and credit/debit card numbers. Critical fields in the database table are labeled separately for the deidentification process whenever the query is executed. Discussed below are some of the basic techniques used for data deidentification. » Masking: Data masking is the process of replacing critical information in database fields with special characters such as asterisks (*) and hashes (#). For instance, “Michael” can be replaced with the characters “Mi****|” in data masking. = Bucketing: Bucketing is the process of generalizing a field by differentiating it based on values or ranges. This technique is mostly used for generating reports that are later used for evaluation, where unnecessary information is replaced with some common values. For instance, instead of specifying the developer, tester, and administrator, these fields are saved with one common name such as “Engineer.” = Tokenization: Tokenization is the process of replacing critical data in a field with arbitrary tokens. These tokens act as the replacement for encryption keys. The token replaces original data with unrecognizable values, and the original data are stored on the token vault. These tokens are reversible, facilitating the reidentification and deidentification of the data when an authorized query is executed to retrieve the original values. = Hashing/salting: Cryptographic hashes transform any type of data with a unique fixed string length using hashing algorithms such as MD5 and SHA. Hashes are generated from Module 15 Page 1841 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Data Security Exam 212-82 mathematical functions; plaintext. a database, In hence, it is difficult to match hashing is used to or retrieve the corresponding secure passwords, expedite search processes, and offer deidentified references to stored data. Salting is the process of attaching random characters (salt) to a hashed field in a table. It increases complexity and the difficulty in retrieving the hashes, providing strong defense against dictionary and rainbow table attacks. Module 15 Page 1842 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Data Breach Notifications and Escalation Failure to notify can be termed a SN By Unit level: Notify teams such as the information authority, security management, and coordinators The notifications should include the type of data affected, the extent of breach, how many data subjects are concerned, and the steps to be taken to mitigate further compromise K Initial escalation: Notify teams such as the IT desk, administrators, and application managers / » Organization level: Notify managers such as executive managers External level: Notify teams such as ISPs, third-party contractors, telecommunication agencies, and local and state law enforcement \agendes / Sl el Disclosures Y Y /Escalation of Data Breach\ ‘1 The first responsibility is to notify the users or customers of their compromised data NI » of Data Breah < » Y Ay Y 6otificafions and\ The organization must inform the affected individuals, organizations, or third parties about the data breach through social media or mainstream media ) L Public notifications of data compromise should be disseminated in an appropriate manner to rebuild confidence in customers and convince them to avoid legal consequences k / Data Breach Notifications and Escalation Notifications of Data Breach A data breach refers to illegitimate access to protected or private information. Data breaches can vary in terms of impact and size of theft. They can occur through physical as well as digital media. Examples of physical breaches include stealing documents or leveraging the improper formatting of critical files. Examples of digital data breaches include stealing information by masquerading as a trusted entity and intentionally or deliberately sending private information to an unknown entity via emails. Many laws and policies exist for organizations to respond appropriately to a breach. The first responsibility is to notify the users or customers of their compromised data. Failure to do so can be termed a violation of security norms. Users or customers can be informed of the data breach within 72 h of attack. If not, companies should prepare a document explaining the reason for the delay. The notification should include the type of data affected, the extent of breach, how many data subjects are concerned, and the steps to be taken to mitigate further compromise (such as forcing users to change passwords). Escalation of Data Breach Some independent data breach incidents can be mitigated through minimal effort without informing the initial response team, but some incidents need to be escalated to different levels of security and response teams so that they can inspect and provide countermeasures for preventing the data or network from further compromise. Module 15 Page 1843 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security This escalation can be categorized as follows. Initial escalation: This type of escalation is crucial when the incident has the capability to take down network services and compromise data. It notifies teams such as the IT desk, administrators, and application managers. Unit level: This type of escalation is performed when an incident is capable of affecting network services, data confidentiality, and other business services. It notifies teams such as information authority, security management, coordinators, and other unit-wise entities. Organization level: This type of escalation is performed at the discretion of the security management teams of the organization. It informs managers such as executive managers and other higher authorities. External level: External escalation is also performed at the discretion or delegation of the information security management team. This type of escalation notifies teams such as ISPs, third-party contractors, telecommunication agencies, and local and state law enforcement agencies. Public Notifications and Disclosures Data breach or data compromise can range from password theft to the leak of personal chats, and affected individuals, organizations or third parties must be informed of it through social media or mainstream media. Public notification or disclosure is one of the methods used to disseminate the news of data breach. Public disclosure is the process of providing non- confidential information publicly while hiding important information such as login credentials, account details, and passwords. Public notifications of data compromise should be disseminated in an appropriate manner to rebuild confidence in customers and convince them to avoid legal consequences. Module 15 Page 1844 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.