rainit2006 / CISSP


2. Security asset #4

Open rainit2006 opened 3 years ago

rainit2006 commented 3 years ago


rainit2006 commented 3 years ago


rainit2006 commented 3 years ago

Data Loss Prevention (DLP)

Available Data Loss Prevention Solutions

  1. Network DLP solutions focus on protecting valuable data while it is in transit. This DLP solution is installed at the enterprise networks’ perimeter and monitors network traffic.
  2. Datacenter or storage-based DLP solutions keep an eye on the data at rest in an organization’s data center infrastructure. These DLP solutions find where the confidential data resides and let users determine if the information is stored securely.
  3. Endpoint-based data loss prevention solutions focus on monitoring PC-based systems such as laptops, tablets, point-of-sale devices, etc.

Data flow is a critical element in ensuring a DLP solution works correctly.

rainit2006 commented 3 years ago

data retention


side-channel attack

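A general term for attack (cryptanalysis) methods that try to obtain sensitive information inside a cryptographic device by observing its operating state through various physical means. The targets of side-channel attacks include IC cards with built-in cryptographic functions and semiconductor products with embedded cryptographic processing. Inside such devices, the attacker measures variations in processing time and power consumption during encryption and decryption, as well as the electromagnetic emissions, sound, heat and so on given off externally, and steals important information.

A TEMPEST attack intercepts the weak electromagnetic emissions from PC displays, LAN cables, USB cables and the like in order to eavesdrop on information. A side-channel attack, by contrast, is an attack technique aimed at "cryptanalysis". For example, even if the electromagnetic emissions from a LAN cable are intercepted in a TEMPEST attack, the content of the information is not revealed if it is encrypted, because a TEMPEST attack receives the emissions but does not perform decryption. However, a TEMPEST attack can reveal what is displayed on the PC screen or typed on the keyboard. This information cannot be encrypted, so it is exchanged in plaintext. That said, the "electromagnetic analysis attack", one kind of side-channel attack, is apparently sometimes also called a TEMPEST attack.

Countermeasures against side-channel attacks:

  1. Manage devices securely so that they are not stolen.
  2. Use tamper-resistant devices. Tamper resistance refers to a state that makes it difficult to analyze a computer system's internal structure or the information it holds. If a side-channel attack is mounted against a tamper-resistant device, the device can detect the attack and automatically destroy its internal structure to protect the information, preventing information from leaking to the outside.

rainit2006 commented 3 years ago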

Media Librarian


chief privacy officer

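The chief privacy officer is a senior-level executive within a growing number of global companies, public agencies and other organizations, responsible for managing the risks related to information privacy laws and regulations.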

data inventory

Conducting a data inventory is the very first step in preventing data loss or leakage. If you don't know what data you have, how it's classified in terms of sensitivity, and where it is located then you can't effectively prevent its loss or leakage.

resiliency

Resiliency is the ability of the system to deal with challenges, damage, and negative actions, and return to a normal state of operation quickly, with minimum impact to the organization.

Data Steward

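A role within an organization responsible for using the organization's data governance processes to ensure the fitness of data elements (both content and metadata). The data steward is a specialist role that incorporates the processes, policies, guidelines and responsibilities for managing all of the organization's data in accordance with policy and regulatory obligations.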

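data subject

Personal data means "information relating to an identified or identifiable natural person". An identifiable natural person is a natural person who can be identified, directly or indirectly. Identified or identifiable natural persons are collectively defined as data subjects, and they are the ones who exercise the rights relating to the protection of personal data.

Tor (The Onion Routing)

Tor is a three-hop proxy (that is, every request Tor sends first passes through 3 nodes of the Tor network). Its network has two main server roles:

- Relay servers: routers responsible for forwarding packets; they can be thought of as proxies;
- Directory servers: hold information about the list of all relay servers in the Tor network (relay addresses and public keys).

The Tor client first communicates with a directory server to obtain information on the active relay nodes worldwide, then randomly selects three nodes to form a circuit; the user's traffic hops through these three nodes before finally reaching the destination web server. As shown in the figure below:

![image](https://user-images.githubusercontent.com/12871721/103353940-855b7480-4aed-11eb-8383-50c033fb6b53.png)

rainit2006 commented 3 years ago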

OECD

Organization for Economic Cooperation and Development (OECD) Privacy Guidelines (International): 30 member nations from around the world, including the U.S. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, issued in 1980.

GDPR - Supervisory Authority

Supervisory Authority. The GDPR requires every EU member state to establish a supervisory authority for the GDPR, responsible for enforcing the GDPR in that country.

GDPR policies

GDPR key elements

The GDPR does include

It does not include a specific requirement to encrypt information at rest.

Responsibility for privacy data

Under EU regulations, both the organization sharing data and the third-party data processor bear responsibility for maintaining the privacy and security of personal information.

The Department of Commerce

The U.S. government agency that oversees compliance with the Privacy Shield framework for organizations wishing to use the personal data of EU citizens.

rainit2006 commented 3 years ago

Classification schema


The U.S. government specifies

Information shared with customers is public, internal business could be sensitive or private, and trade secrets are proprietary.

Classification identifies the value of data to an organization.

rainit2006 commented 3 years ago

PGP for data in motion

PGP, or Pretty Good Privacy (or its open-source alternative, GPG), provides strong encryption of files, which can then be sent via email.

review classification and reclassify

When the value of data changes due to legal, compliance, or business reasons, reviewing classifications and reclassifying the data is an appropriate response.

Data Roles

Disintegration for SSD

Solid state drives (SSDs) cannot be degaussed because they do not store data on magnetic media. Disintegration is the only way you can verify the data is 100% destroyed. Most organizations that fall under NIST 800-88, HIPAA and PCI data destruction require that SSDs and other flash media be shredded to .375” (9.5mm). This size shred ensures that all chips are destroyed.

Tape

Tapes can be erased by degaussing, but degaussing is not always fully effective.

Data removing

- Erasing is the deletion of files or media. Erasing, which describes a typical deletion process in many operating systems, typically removes only the link to the file and leaves the data that makes up the file itself. The data will remain in place but not indexed until the space is needed and it is overwritten. **Erasing is the least-effective way.**
- Clearing describes **preparing media for reuse**. When media is cleared, unclassified data is written over all addressable locations on the media. Once that’s completed, the media can be reused. The clearing is used to describe **overwriting media** to allow for its reuse in an environment operating **at the same sensitivity level**.
- Purging is a more intensive form of clearing for reuse in lower-security areas.
- Purging and clearing both describe more elaborate removal processes.
- Degaussing works only on magnetic media, but it can be quite effective on it. **Tapes can be erased by degaussing**, but degaussing is not always fully effective. SSDs cannot be degaussed; SSDs need to be disintegrated.
- Sanitization is a series of processes that removes data from a system or media while ensuring that the data is unrecoverable by any means.
- Often the cost of the media is lower than the potential costs of data sanitization, and it is difficult to guarantee that reused media doesn’t contain remnant data.

Bitrot describes the slow loss of data on aging media; data permanence is a term sometimes used to describe the life span of data and media.

Record retention policy

Record retention policy describes how long data is retained and maintained before destruction.

Classification policies

Classification policies describe how and why classification should occur and who is responsible.

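Added example, not part of the original notes: a small constructed model of storage media that contrasts erasing (the index entry is dropped, the blocks stay) with clearing (every addressable block is overwritten). The `Media` class, its 16-byte block size, and the sample file contents are assumptions made for illustration and do not model any real file system.

```python
class Media:
    """Constructed model of storage media: a file index plus fixed-size blocks."""
    BLOCK = 16

    def __init__(self, nblocks):
        self.blocks = [bytes(self.BLOCK) for _ in range(nblocks)]
        self.index = {}  # file name -> list of block numbers

    def write(self, name, data):
        """Store data in the first free blocks and record them in the index."""
        used = {b for blks in self.index.values() for b in blks}
        free = [i for i in range(len(self.blocks)) if i not in used]
        chunks = [data[i:i + self.BLOCK] for i in range(0, len(data), self.BLOCK)]
        if len(chunks) > len(free):
            raise OSError("media full")
        self.index[name] = free[:len(chunks)]
        for blk, chunk in zip(free, chunks):
            self.blocks[blk] = chunk.ljust(self.BLOCK, b"\0")

    def erase(self, name):
        """Erasing: remove only the link to the file; data blocks are untouched."""
        del self.index[name]

    def clear(self, pattern=b"\0"):
        """Clearing: overwrite all addressable blocks, then drop the index."""
        self.blocks = [pattern * self.BLOCK for _ in self.blocks]
        self.index.clear()

    def raw_scan(self, needle):
        """Search the raw blocks directly, ignoring the index (a forensic view)."""
        return needle in b"".join(self.blocks)

def demo():
    m = Media(4)
    m.write("secret.txt", b"acct=4471 pin=9021 owner=alice")  # spans blocks 0-1
    m.erase("secret.txt")
    erased = {"listed": "secret.txt" in m.index,
              "recoverable": m.raw_scan(b"pin=9021")}
    m.write("memo.txt", b"lunch at noon")  # reuse overwrites block 0 only
    reused = {"head": m.raw_scan(b"acct=4471"),
              "tail": m.raw_scan(b"owner=alice")}
    m.clear()
    cleared = m.raw_scan(b"owner=alice") or m.raw_scan(b"lunch")
    return erased, reused, cleared

if __name__ == "__main__":
    print(demo())
```

After the erase the file is no longer listed but is still found by the raw scan, and later reuse overwrites only the block it needs, so the tail of the old file survives until the media is cleared.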
rainit2006 commented 3 years ago

POODLE

The POODLE (or Padding Oracle On Downgraded Legacy Encryption) attack helped force the move from SSL 3.0 to TLS because it allowed attackers to easily access SSL encrypted messages.

Stuxnet was a worm aimed at the Iranian nuclear program. CRIME and BEAST were earlier attacks against SSL.

Data encryption methods