
Non-Technical Controls for Securing Data

  • Governance – protecting data with policies and procedures
    • Classification of data
      • Applies to existing and new data
      • Intellectual property:
        • Public
        • Private
        • Restricted
        • Confidential
      • Military version:
        • Unclassified
        • Classified
        • Confidential
        • Secret
        • Top Secret
      • Review classification periodically:
        • Changing jurisdictions
        • Data “ages” over time
      • Data Types
        • Requirements stem from regulations: PII, PHI, financial data
        • Types are usually built into DLP solutions
        • Types include non-digital media as well
      • Data Ownership
        • Data Owner
          • Responsible for the CIA (confidentiality, integrity, availability) of the data
          • Labels of data
          • The organization itself can be the owner
        • Data steward
          • Handles data quality
          • Labelling and classification
          • Proper collection and storage
        • Data custodian
          • Handles the system that stores the data
          • Access control, encryption, backups
        • Privacy Officer
          • Handles privacy
          • Ensures PII and PHI are handled correctly
        • Legal requirements
          • GDPR
          • SOX
          • PCI-DSS
          • GLBA
          • FISMA
          • COSO
          • HIPAA
        • Purpose limitation
        • Data minimization
        • Data sovereignty
        • Retention: e-discovery
        • Policies and Procedures: short term and long term
        • Data sharing
          • Service Level Agreement (SLA)
          • NDA
          • MOU – gentleman’s agreement; not legally binding
          • ISA – interconnection security agreement – for federal agencies
          • Data sharing and use agreements
        • Security, privacy, and governance: know the difference
    • Access Control
    • Data dissemination
    • Retention or destruction
