CHAPTER SUMMARY

You learned in this chapter how you can use data classification to identify critical data and protect it. The chapter reviewed military and business classification schemes and examined how these schemes apply to data handling policies. It examined the need to have policies govern data at rest and in transit. The chapter also discussed how data classification helps reduce business risks.

The chapter included discussion of risk management. It discussed how the risk control and self-assessment process (RCSA) can be leveraged to help gain support from executive management. The chapter also explored the differences between quality assurance and quality control. Also, you read in this chapter about how to use QA and QC techniques to measure the effectiveness of risk management policies.

KEY CONCEPTS AND TERMS

Authorization

Automatic declassification

Confidential

Declassification

Highly sensitive classification

Internal classification

Mandatory declassification

Public classification

Risk and control self-assessment (RCSA)

Risk exposure

Secret

Security token

Sensitive but unclassified

Sensitive classification

Systematic declassification

Top Secret

Unclassified

CHAPTER 11 ASSESSMENT

  1. Which of the following is not a common need for most organizations to classify data?
    1. Protect information
    2. Retain information
    3. Sell information
    4. Recover information
  2. Authorization is the process used to prove the identity of the person accessing systems, applications, and data.
    1. True
    2. False
  3. You need to retain data for what major reasons?
    1. Legal obligation
    2. Needs of the business
    3. Recovery
    4. A and B
    5. A, B, and C
  4. What qualities should the data owner possess?
    1. Is in a senior position within the business
    2. Understands the data operations of the business
    3. Understands the importance and value of the information to the business
    4. Understands the ramifications of inaccurate data or unauthorized access
    5. All of the above
  5. In all businesses, you will always have data that needs to be protected.
    1. True
    2. False
  6. Risk exposure is best-guess professional judgment using a qualitative technique.
    1. True
    2. False
  7. The lowest federal government data classification rating for classified material is ________.
  8. Federal agencies can customize their own data classification scheme.
    1. True
    2. False
  9. What is a process to understand business leaders’ perspective of risk called?
    1. QA
    2. QC
    3. RCSA
    4. D. RA
  10. Quality assurance is typically a detective control.
    1. True
    2. False
  11. Generally, having 5 to 10 data classifications works best to cover all the possible data needs of an organization.
    1. True
    2. False
  12. Risk exposure can be expressed in the following manner: ________ = ________ Ă— ________.
  13. Data in transit is what type of data?
    1. Data backup tapes being moved to a recovery facility
    2. Data on your USB drive
    3. Data traversing a network
    4. Data being stored for later transmission
  14. Encryption protects data at rest from all types of breaches.
    1. True
    2. False