2.7 Unauthorized User Access Part 2: Data Classification

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
data classification.
Now, if you're in the government, military and probably even otherwise you're familiar familiar with classifying data.
What's important understand is especially from a testing perspective. There's some terms that we want to use, So data classifications is based on the value
of the data,
and then you'll hear some folks say.
But isn't it really based on harm if that Dad is disclosed? Yeah, that's part of data is value,
But isn't it based on
maybe how much time it took me to create it? Now it's part of its value.
But what about liability? What about if daddy gets compromised? Then I might be subjected to $1000 fine. Yes, that's part of value. So that term value is an all encompassing term. So what is Classifications indicate the value of data. However you define value.
It's fine,
but values that all encompassing term. Okay, one of the things about these exams is they'll ask you questions and all the answer. Sound good.
You know what Does classifications indicate
harm if compromised? Its sensitivity, its value to competitors, its value
well, value includes all three of those. That's the better answer. They all sound good but values a better answer.
And then the next piece that's important is based on classification based on the value Daddy gets classified. The purpose of classification is to dictate how we protect it.
So classifying data is top secret. That's just a step. If we don't say we'll all top secret data is protected this way, then classification doesn't help us any right. That's the purpose.
So it indicates value. Its purpose is to dictate how we secure and how we protect.
So we have to make sure that data were storing at the cloud service provider again, depending on which service's were using. Because ultimately, data will always be my responsibility. Even if it's stored on the Cloud service provider's network,
I am still liable for the death. Don't forget. That's very important fact.
If they violate their service level agreement, I can sue them, but it doesn't make them liable to the jury that I am
all right, So we want to make sure that if you know, usually in this instance, when we're looking with classified data, we'd be looking at a private cloud, right? I'm not store top secret data may not, and I'm not gonna put top secret data on the cloud service provider, you know, likely. Anyway.
So what we want to make sure is if we have different levels of sensitivity
that our cloud service provider has the capability of protecting based on those sensitivity labels Don't forget, classifications is more than just government. Military.
All right. So, again, we want to make sure that security controls air in place based on the classification or the sensitivity labels. We want to make sure controls or implemented again based on our requirements.
Um, make metadata available. Often metadata helps us determine the classification of data or the sensitivity of data. So by being able to search on metadata, we can categorize and protect certain ways. All right. Making sure this point this second from the bottom,
protecting dad according to its classification at rest and in transit. We'll talk about that in a few minutes. But data we've already said, you know, you store data, you process data, you transmit or share data, so we've got to protect it in all those states.
And we also is part of data classifications. Our scheme, our policy gonna figure out how to reclassify data. If necessary. How long you know that? Classification last, how we determine what the process is in place. So if we have classifications within our organization,
then obviously we need policies to support.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By