- Data Loss Prevention
- Data Loss Detection
- Data Classification, Labeling, and Tagging
- Obfuscation
- Anonymization
- Encrypted vs. Unencrypted
- Data Life Cycle
- Data Inventory and Mapping
- Data Integrity Management
- Data Storage, Backup, and Recovery
- Exam Preparation Tasks
- Review All Key Topics
- Define Key Terms
- Review Questions
This chapter is from the book
This chapter is from the book
This chapter is from the book
Data Classification, Labeling, and Tagging
Earlier in this chapter you learned about the value of classifying data into sensitivity levels. In this section you’ll learn about how data is marked with its classification.
Metadata/Attributes
Data types are marked or labeled with their classification. This can be done physically with tags on storage devices containing data of various types and can also be done electronically so the DLP system can read this information and take the appropriate action, according to the DLP policy. Attributes (properties) of the data and its metadata (more details about the data) can also be used in this process.
XACML
Extensible Access Control Markup Language (XACML) is a standard for an access control policy language using Extensible Markup Language (XML). Its goal is to create an attribute-based access control system that decouples the access decision from the application or the local machine. It provides for fine-grained control of activities based on criteria including:
■ Attributes of the user requesting access (for example, all division managers in London)
■ The protocol over which the request is made (for example, HTTPS)
■ The authentication mechanism (for example, requester must be authenticated with a certificate)
LDAP
LDAP attributes are used in Active Directory. Examples include the Distinguished Name (DN) and Relative Distinguished Name (RDN), Common Name (CN), Domain Component (DC), and Organizational Unit (OU) attributes.