FLASH CARDS

9.05 Explain the importance of prohibited content, activity, privacy, licensing, and policy concepts

What is regulated data?
Data that must be collected, processed, and stored in compliance with federal or state legislation.
What is a data breach?
An event where confidential or regulated data is accessed, copied, modified, or deleted without authorization.
What is data exfiltration?
The intentional and unauthorized copying or theft of data, considered a malicious data breach.
Define Personally Identifiable Information (PII).
Data that can be used to identify, contact, or locate an individual, such as a name, address, or cell phone number.
Give examples of PII.
Name, date of birth, email address, street address, biometric data, and static IP address (in certain contexts).
How can a static IP address be considered PII?
If it can identify someone while browsing the web.
What is government-issued personal information?
PII issued by government authorities, like Social Security numbers, passports, and driver’s license numbers.
What is healthcare data?
Data including medical records, insurance records, and lab test results that may be anonymized for research.
What does the Payment Card Industry Data Security Standard (PCI DSS) regulate?
The secure handling of credit card data, including cardholder information and sensitive authentication data.
Why should employees be trained in data handling?
To ensure they recognize and handle PII responsibly, avoiding unauthorized access and disclosure.
Give examples of careless handling of sensitive data.
Leaving credit card details visible, storing sensitive data unencrypted, or forwarding personal data in emails.
What is a maximum retention period?
The longest time regulated data can be stored, after which it should be securely destroyed.
What is a minimum retention period?
The shortest time regulated data must be kept, even after its original use, to comply with legal requirements.
What is prohibited content?
Non-work-related files, obscene or pirated materials, and unauthorized personal communications on work devices.
What is an End-User License Agreement (EULA)?
A contract that outlines the terms of use for software, including any restrictions on personal or corporate use.
What can happen if a company uses personal-use-only software on company-owned devices?
The company could be violating the EULA.
What is a corporate license?
A license allowing software to be installed on multiple devices within a company for multiple users.
What should a company do when software licenses expire?
Remove the software if the license isn’t renewed.
Name a tool that helps monitor software license compliance.
Desktop management software or inventory management tools.
What is open-source software?
Software that can be freely used, modified, and shared, often governed by specific licensing terms.
What is Digital Rights Management (DRM)?
Technology used to control access to digital media, often limiting usage to a specific number of devices.
Why should companies monitor for DRM compliance?
To prevent pirated or unauthorized media from being used on company devices.
What is an Incident Response Plan (IRP)?
A set of guidelines and procedures for handling security incidents within an organization.
What is the role of a Computer Security Incident Response Team (CSIRT)?
To assess, initiate responses, and manage security incidents reported within the organization.
Who may need to be involved in an incident if no CSIRT is available?
Law enforcement or a designated business owner.
What is digital forensics?
The science of collecting computer-based evidence to a standard that can be used in court.
What is a chain of custody?
Documentation that logs every instance of handling, storing, or accessing evidence, ensuring its integrity for court.
Why is a chain of custody important?
It prevents tampering and establishes a timeline, proving evidence has been handled securely.

BACK TO LESSON

KNOWLEDGE CHECK

HOME

FLASH CARDS

9.05 Explain the importance of prohibited content, activity, privacy, licensing, and policy concepts

What is regulated data?

Data that must be collected, processed, and stored in compliance with federal or state legislation.

What is a data breach?

An event where confidential or regulated data is accessed, copied, modified, or deleted without authorization.

What is data exfiltration?

The intentional and unauthorized copying or theft of data, considered a malicious data breach.

Define Personally Identifiable Information (PII).

Data that can be used to identify, contact, or locate an individual, such as a name, address, or cell phone number.

Give examples of PII.

Name, date of birth, email address, street address, biometric data, and static IP address (in certain contexts).

How can a static IP address be considered PII?

If it can identify someone while browsing the web.

What is government-issued personal information?

PII issued by government authorities, like Social Security numbers, passports, and driver’s license numbers.

What is healthcare data?

Data including medical records, insurance records, and lab test results that may be anonymized for research.

What does the Payment Card Industry Data Security Standard (PCI DSS) regulate?

The secure handling of credit card data, including cardholder information and sensitive authentication data.

Why should employees be trained in data handling?

To ensure they recognize and handle PII responsibly, avoiding unauthorized access and disclosure.

Give examples of careless handling of sensitive data.

Leaving credit card details visible, storing sensitive data unencrypted, or forwarding personal data in emails.

What is a maximum retention period?

The longest time regulated data can be stored, after which it should be securely destroyed.

What is a minimum retention period?

The shortest time regulated data must be kept, even after its original use, to comply with legal requirements.

What is prohibited content?

Non-work-related files, obscene or pirated materials, and unauthorized personal communications on work devices.

What is an End-User License Agreement (EULA)?

A contract that outlines the terms of use for software, including any restrictions on personal or corporate use.

What can happen if a company uses personal-use-only software on company-owned devices?

The company could be violating the EULA.

What is a corporate license?

A license allowing software to be installed on multiple devices within a company for multiple users.

What should a company do when software licenses expire?

Remove the software if the license isn’t renewed.

Name a tool that helps monitor software license compliance.

Desktop management software or inventory management tools.

What is open-source software?

Software that can be freely used, modified, and shared, often governed by specific licensing terms.

What is Digital Rights Management (DRM)?

Technology used to control access to digital media, often limiting usage to a specific number of devices.

Why should companies monitor for DRM compliance?

To prevent pirated or unauthorized media from being used on company devices.

What is an Incident Response Plan (IRP)?

A set of guidelines and procedures for handling security incidents within an organization.

What is the role of a Computer Security Incident Response Team (CSIRT)?

To assess, initiate responses, and manage security incidents reported within the organization.

Who may need to be involved in an incident if no CSIRT is available?

Law enforcement or a designated business owner.

What is digital forensics?

The science of collecting computer-based evidence to a standard that can be used in court.

What is a chain of custody?

Documentation that logs every instance of handling, storing, or accessing evidence, ensuring its integrity for court.

Why is a chain of custody important?

It prevents tampering and establishes a timeline, proving evidence has been handled securely.

OSIBridge Program IT/Tech and Professional skills training.