CC Domain5
Hardening
Data Handling Practices: Data Classification
The process of recognizing the organizational impacts if the information suffers any security compromises related to its characteristics of Confidentiality, Integrity and Availability.
Data Handling Practices: Data Labeling
Adding descriptive metadata or tags to data to provide context and improve data management and security.
Example labels: Confidential, Internal, Public.
Data Handling Practices: Data Retention
The practice of storing data for a specific period of time, after which it is either deleted or archived. The retention period is usually determined by legal or regulatory requirements, business needs, or security policies.
Data Handling Practices: Data Destruction
The process of destroying data stored on tapes, hard disks and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes.
Remanence: Residual information remaining on storage media after clearing.
Data Destruction Options
Egress / Ingress
Encryption
Cryptography, or cryptology, is the practice and study of techniques for secure communication and data
Cryptanalysis: the process of analyzing cryptographic security systems to breach them and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
Cryptanalysis attacks/methods:
• Brute force attack
• Frequency analysis
• Side-channel attacks
• Ciphertext-only attack
• Known ciphertext/plaintext pairs
• Chosen plaintext or chosen ciphertext
Symmetric Cryptography
⦿ Same/single/shared/session key in both the encryption and the decryption processes
⦿ Key cannot be sent in the same channel as the encrypted message (out-of-band)
⦿ The biggest disadvantage of symmetric key cryptography is key management. For two parties to communicate securely, they must share the same key. This can be difficult to manage, especially if there are many parties involved or if the key needs to be changed frequently.
Asymmetric Cryptography
Integrity & Authentication
⦿ Hash functions: A hash function is a one-way mathematical algorithm that takes in an input message of arbitrary length and produces a fixed-size output.
⦿ Digital Signatures: A digital signature is a mathematical technique used to ensure the authenticity, integrity, and non-repudiation of electronic messages. It is a cryptographic code that is attached to the electronic message, and it is unique to the signer. (Created with the signer's private key.)
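The two ideas on this slide, a fixed-size one-way hash and a signature produced with a private key and checked with the public key, as an added example that is not part of the course material. It uses SHA-256 from the standard library and a textbook RSA key pair with small, constructed parameters (the primes 2**31-1 and 65537 and exponent 17 are assumptions chosen so the code runs instantly); real signatures use 2048-bit or larger keys and a padding scheme such as RSA-PSS rather than reducing the digest modulo N.

```python
import hashlib

# Toy RSA parameters (constructed for illustration only). Both 2**31-1 and 65537
# are prime; real keys are far larger and use a proper padding scheme.
P = 2**31 - 1
Q = 65537
N = P * Q                    # public modulus
PHI = (P - 1) * (Q - 1)
E = 17                       # public exponent, coprime with PHI
D = pow(E, -1, PHI)          # private exponent (modular inverse, Python 3.8+)


def digest(message: bytes) -> str:
    """Hash function: input of any length -> fixed 256-bit output (64 hex chars)."""
    return hashlib.sha256(message).hexdigest()


def _hash_as_int(message: bytes) -> int:
    # Reduce the digest modulo N so the toy modulus can hold it.
    # This truncation is the toy's shortcut, not how real RSA signing pads a hash.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Sign with the private key: only the key holder can produce this value."""
    return pow(_hash_as_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Verify with the public key: anyone can confirm authenticity and integrity.

    Any change to the message (or to the signature) makes the check fail.
    """
    return pow(signature, public_exponent, N) == _hash_as_int(message)


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"      # constructed sample message
    sig = sign(msg)
    print("digest:", digest(msg))
    print("signature verifies:", verify(msg, sig))                        # True
    print("tampered message verifies:", verify(msg + b"0", sig))          # False
```

Note that the digest is the same length whether the input is one byte or a gigabyte, and that the verifier never needs D: the private key stays with the signer, which is what gives the signature its non-repudiation property.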
Password Hashing and Salting
(Figure: hash collision between identical passwords without salting, versus distinct hashes with salting.)
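What the figure on this slide contrasts, as an added example rather than code from the course: two constructed accounts that chose the same password produce the same bare SHA-256 value (the "hash collision" the slide refers to), while a per-user random salt fed through PBKDF2-HMAC-SHA256 gives every account a distinct stored value. The account names, passwords and the 200,000 iteration work factor are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data): alice and bob share a password.
ACCOUNTS = {
    "alice": "Winter2024!",
    "bob": "Winter2024!",
    "carol": "correct-horse-battery-staple",
}

ITERATIONS = 200_000  # assumed work factor; raise it as hardware gets faster


def unsalted_hash(password: str) -> str:
    """Bare SHA-256 of the password: the same password gives every user the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user random salt and a deliberately slow iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> dict:
    """What a password store keeps for one account: salt, work factor and derived hash."""
    salt = os.urandom(16)
    return {
        "salt": salt.hex(),
        "iterations": ITERATIONS,
        "hash": salted_hash(password, salt).hex(),
    }


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = salted_hash(password, salt, record["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def users_sharing_a_hash(stored: dict) -> list:
    """Group usernames whose stored hash value is identical.

    In an unsalted table this reveals which users share a password;
    with per-user salts the groups disappear.
    """
    by_hash = {}
    for user, value in stored.items():
        by_hash.setdefault(value, []).append(user)
    return sorted(group for group in by_hash.values() if len(group) > 1)


def build_tables(accounts: dict = ACCOUNTS) -> tuple:
    """Return (unsalted_table, salted_table) for the constructed accounts."""
    unsalted = {user: unsalted_hash(pw) for user, pw in accounts.items()}
    salted = {user: make_record(pw) for user, pw in accounts.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    salted_values = {user: rec["hash"] for user, rec in salted.items()}
    print("shared hashes without salt:", users_sharing_a_hash(unsalted))   # [['alice', 'bob']]
    print("shared hashes with salt:", users_sharing_a_hash(salted_values)) # []
    print("alice correct password:", verify_password("Winter2024!", salted["alice"]))  # True
    print("alice wrong password:", verify_password("winter2024!", salted["alice"]))    # False
```

The salt is stored in the clear next to the hash; its job is not secrecy but uniqueness, so that a precomputed table of common-password hashes cannot be reused across accounts, and the iteration count makes each guess expensive.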
Digital Signatures
Domain 5 Agenda
Domain 5 Module 1: Understand Data Security
Configuration Management Components
Identification: Defining and identifying the systems that need to be managed.
Baseline: Defining the minimum level of protection that can be used as a reference point.
Change Control & Audit: An update process for requesting changes to a baseline, system or component.
Verification: A validation process that involves testing and analysis, to verify that nothing was broken by a newly applied change.
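The four components above worked through in code, as an added example that is not part of the course material: an inventory of identified systems, a baseline of required settings, a change step, and a verification step that rejects any change which introduces a new deviation from the baseline. The host names, setting keys and baseline values are constructed for illustration and do not represent any particular organization's standard.

```python
# Constructed security baseline (illustrative settings, not a specific standard).
BASELINE = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.enabled": "yes",
    "auditd.enabled": "yes",
}

# Identification: the constructed inventory of systems that need to be managed,
# each with its current configuration.
INVENTORY = {
    "web-01": {
        "ssh.PermitRootLogin": "no",
        "ssh.PasswordAuthentication": "no",
        "firewall.enabled": "yes",
        "auditd.enabled": "yes",
    },
    "db-01": {
        "ssh.PermitRootLogin": "no",
        "ssh.PasswordAuthentication": "yes",   # deviates from baseline
        "firewall.enabled": "yes",
        "auditd.enabled": "yes",
    },
}


def find_drift(current: dict, baseline: dict = BASELINE) -> dict:
    """Audit: every baseline item the current configuration fails, as {key: (expected, actual)}."""
    return {key: (expected, current.get(key))
            for key, expected in baseline.items()
            if current.get(key) != expected}


def apply_change(current: dict, change: dict) -> dict:
    """Change control: the configuration a requested change would produce (original left intact)."""
    updated = dict(current)
    updated.update(change)
    return updated


def verify_change(before: dict, after: dict, baseline: dict = BASELINE) -> tuple:
    """Verification: approve only if the change adds no new deviation from the baseline.

    Returns (approved, list_of_newly_failing_settings).
    """
    new_failures = sorted(set(find_drift(after, baseline)) - set(find_drift(before, baseline)))
    return (len(new_failures) == 0, new_failures)


def audit_inventory(inventory: dict = INVENTORY, baseline: dict = BASELINE) -> dict:
    """Drift report for every identified system."""
    return {host: find_drift(config, baseline) for host, config in inventory.items()}


if __name__ == "__main__":
    print("audit:", audit_inventory())
    # A requested change that would weaken web-01 is rejected by verification.
    proposed = apply_change(INVENTORY["web-01"], {"ssh.PermitRootLogin": "yes"})
    print("weakening change:", verify_change(INVENTORY["web-01"], proposed))
    # A change that brings db-01 back to baseline passes.
    fixed = apply_change(INVENTORY["db-01"], {"ssh.PasswordAuthentication": "no"})
    print("remediation:", verify_change(INVENTORY["db-01"], fixed), find_drift(fixed))
```

The verification step compares drift before and after rather than demanding full compliance, so a change to an already-deviating host can still be approved as long as it does not make things worse; a stricter policy could require find_drift(after) to be empty.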
Inventory
Acceptable Use Policy (AUP)
Bring Your Own Device (BYOD)
Privacy Policy
• Personally Identifiable Information (PII)
Examples: social security number (SSN), passport number, driver's license number, taxpayer identification number, patient identification number, financial account number, or credit card number.
Security Awareness Training
❑ Humans are the weakest link in cybersecurity