Data Security and the Data Life Cycle

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
8 hours 20 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> Data security and the data life cycle.
00:00
The learning objectives for this lesson
00:00
are to define the data life cycle,
00:00
describe data classification and management,
00:00
and to describe data loss prevention concepts.
00:00
Let's get started. This is the data life cycle.
00:00
All data will flow through this cycle.
00:00
It begins with create.
00:00
This might be something as simple as
00:00
a user creating an email or a Word document,
00:00
but it can also be data that is created
00:00
in a database or from applications.
00:00
From there we move to store.
00:00
Once we create the data,
00:00
we have to have a place to put it.
00:00
From store we move to use.
00:00
This is making use of that data.
00:00
Then once data is no longer needed on a daily basis,
00:00
but we still need to hold onto it for a little while,
00:00
we move it to archive.
00:00
Then finally, when we no longer
00:00
have any use of the data, we destroy it.
00:00
This would complete the data life cycle.
00:00
Data classification.
00:00
All data in an organization should be classified.
00:00
This allows us to put different controls
00:00
on the data based on its classification level.
00:00
The first we have is public,
00:00
also known as unclassified.
00:00
This information, if it were to
00:00
be released or become public,
00:00
would cause no damage to the organization.
00:00
The second is confidential, also known as secret.
00:00
This data is highly sensitive and should
00:00
only be viewed by authorized personnel.
00:00
Finally, we have critical or top secret.
00:00
This information is too
00:00
important to even allow it to be captured.
00:00
The highest levels of controls are placed
00:00
upon data in this classification level.
00:00
Data management. Inventory and mapping.
00:00
This is a data map that
00:00
identifies and tracks the data created,
00:00
controlled, or maintained by an organization.
00:00
Data integrity management ensures that the data is in
00:00
its proper state and that
00:00
any changes that occur can be identified.
00:00
This ensures data reliability.
00:00
We need to know how it changed and who changed it.
00:00
Data loss prevention.
00:00
As a concept, data loss prevention or
00:00
DLP automates the discovery and
00:00
classification of data and then it enforces
00:00
rules to ensure that the data
00:00
isn't viewed or released improperly.
00:00
Once all data has been classified in an organization,
00:00
each of those levels of classification may
00:00
have specific rules placed upon them,
00:00
which users are allowed to access them,
00:00
make use of them, that sort of thing.
00:00
Data loss prevention as a software product,
00:00
it monitors endpoints and
00:00
network traffic for signs
00:00
of sensitive data that's being copied,
00:00
printed, or used in inappropriate ways.
00:00
It's comprised of a policy server,
00:00
endpoint agents, and network agents.
00:00
It works in a way that's similar
00:00
to anti-malware software.
00:00
Once it sees sensitive data,
00:00
it will either alert,
00:00
block, quarantine, or tombstone the data.
00:00
The way this would work is once you've
00:00
classified all of the data on your network,
00:00
you create those specific rules.
00:00
You can be very granular with DLP software to say,
00:00
users in this categories are allowed to view the data,
00:00
but they can't print it or they can't copy
00:00
it off to a USB device,
00:00
or they can't even email it.
00:00
Where other users may be allowed to email it,
00:00
but they're not allowed to do anything else with it.
00:00
You can be very, as I said,
00:00
granular with your rules
00:00
based on the needs of the organization.
00:00
Data loss detection.
00:00
The first example is a responsible disclosure form.
00:00
This facilitates for the easy reporting of
00:00
incidences that would occur within an organization.
00:00
The next is dark web scanning.
00:00
Oftentimes when a data breach occurs with a company,
00:00
the first signs anyone knows of
00:00
it is when the data appears in the dark web.
00:00
This usually happens when
00:00
a hacker group leaves a sample out,
00:00
either because they're going to sell
00:00
the data or they're just
00:00
releasing all the data in general.
00:00
Dark web scanning would let you look through the dark web
00:00
to see if you can find any signs of your data.
00:00
The next is deep packet inspection.
00:00
This looks into the network packets as they
00:00
pass on the network for actual data,
00:00
so we're not just looking at the source and destination,
00:00
or ports, or even the protocols,
00:00
we're looking in the actual packets
00:00
to see the data that they would contain.
00:00
Finally, we have third party.
00:00
These are services that may offer
00:00
real-time visibility into how
00:00
an organization is using its data.
00:00
Examples of this would be OneDrive and Google Drive.
00:00
Digital rights management and watermarking.
00:00
Digital rights management or DRM is about
00:00
controlling digital content and
00:00
how it's used after being published.
00:00
Most people have run into this when they've
00:00
downloaded legal music from the Internet.
00:00
Companies put DRM in there so that you're
00:00
not able to copy that and share it with others.
00:00
DVDs also make use of
00:00
stream encryption and region locking.
00:00
The overall goal is to prevent copying.
00:00
Region locking is where you
00:00
buy a DVD in the United States and then you
00:00
take it to Europe and it will not play
00:00
in the DVD players for Europe.
00:00
They're locking that DVD to
00:00
a specific region of the world.
00:00
Finally, we have watermarking.
00:00
This is marking data so that it clearly
00:00
displays important details about the data,
00:00
such as ownership information,
00:00
the data classification, and how it may be used.
00:00
Obfuscating and masking.
00:00
This is a mechanism of hiding
00:00
data and it doesn't always involve encryption,
00:00
sometimes it can be as simple as encoding things
00:00
in different formats such as base64.
00:00
The goal is to have data in a format
00:00
that isn't easily recognizable.
00:00
In my instructor side note,
00:00
I give an example of this.
00:00
Base64 is commonly used
00:00
to obfuscate payloads in phishing emails.
00:00
If you were to look at the HTML code,
00:00
often critical parts are encoded using base64.
00:00
This makes it much harder for
00:00
the end user to
00:00
tell what's going on in that phishing email.
00:00
Then it takes time to break it down,
00:00
decode it, and find out what the payload is doing.
00:00
Tokenization, scrubbing, and anonymization.
00:00
Tokenization is used in credit card processing.
00:00
This replaces the data with a token and this
00:00
cannot be reversed to go
00:00
back to the credit card information.
00:00
Scrubbing is data integrity control
00:00
that is designed to find invalid,
00:00
redundant, or outdated data
00:00
from a database or data warehouse,
00:00
if you don't need it, get rid of it.
00:00
Anonymization removes data that could be
00:00
used to uniquely identify a person.
00:00
This is common with compliance laws.
00:00
When we get into the HIPAA regulations later on,
00:00
we'll go into this a little bit more.
00:00
Summary. We described the data life cycle,
00:00
we explained data classification
00:00
and management and why that's important.
00:00
Then we also explained data loss concepts
00:00
and then we demonstrate data obfuscation and masking.
00:00
Let's do some example questions.
00:00
Question 1, what method is used to
00:00
control how digital content
00:00
is used after being published?
00:00
Digital rights management.
00:00
Question 2, which stage of the data life cycle
00:00
describes when data is no longer
00:00
used on a regular basis, but is still needed?
00:00
Archive. Question 3,
00:00
which type of data classification would be
00:00
used for information that is highly sensitive,
00:00
it should only be viewed by approved persons?
00:00
Confidential or secret. Finally,
00:00
question 4, what is used to ensure
00:00
data is in its proper state
00:00
and that any changes can be identified?
00:00
Data integrity management.
00:00
I hope this lesson was useful for
00:00
you, and I'll see you in the next one.
Up Next