This process manages information throughout its entire lifecycle.
What is data governance?
This SDLC method uses seven distinct phases including requirements, design, implementation, testing, and retirement.
What is the Waterfall SDLC?
A web attack commonly enabled by poor input validation where injected script runs in the victim’s browser under the trusted site’s permissions.
What is cross-site scripting (XSS)?
This cloud model is “multitenant,” where multiple consumers share the same resource pool.
What is public cloud?
This de-identification control hides sensitive values by redacting all or part of the data (often replacing characters with “X”).
What is data masking?
The first step in the data lifecycle where labels are applied to indicate privacy/confidentiality.
What is data classification?
In Waterfall, this phase is where code is written and built into units that are later integrated.
What is the Implementation phase?
This defense uses placeholders so the database executes only known-safe intent, reducing injection risk.
What are parameterized queries?
A model combining public and private cloud—meaning the organization takes on security concerns of both.
What is hybrid cloud?
This technique replaces a field’s value with a randomly generated substitute while storing the original value in a separate vault—making it reversible when authorized.
What is tokenization?
The highest level in the military-style classification scheme.
What is Top Secret?
This life cycle approach runs phases concurrently on smaller modules and can become somewhat open-ended.
What is Agile SDLC?
A testing technique that sends invalid/unexpected/randomized inputs to find bugs and vulnerabilities.
What is fuzzing?
Software that mediates access to cloud services, adds visibility into usage, and commonly supports DLP features.
What is a CASB (Cloud Access Security Broker)?
This method generalizes data (like replacing an exact age with an age range) to reduce identifiability.
What is aggregation/banding?
When information’s classification label is downgraded because it no longer needs the same protections.
What is declassification?
In SDL, this phase includes “white box” source code analysis and code review to identify vulnerabilities.
What is the Implementation phase (in SDL)?
If you see one password attempted once across many accounts in logs, this attack is likely occurring.
What is password spraying?
This XML-based federation standard lets an Identity Provider authenticate a user and pass an authentication token to a Service Provider.
What is SAML?
This attack combines a de-identified dataset with other sources (like public records) to find overlaps and reveal identities.
What is a re-identification attack?
This regulation requires disclosure of personal-data breaches and commonly uses a ~72-hour notification window.
What is GDPR?
A type of privilege escalation where a low-privilege user performs admin/root-level functions they shouldn’t be allowed to.
What is vertical privilege escalation?
A common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
This security approach assumes no implicit trust (even inside the network) and requires continuous verification of users, devices, and sessions.
What is Zero Trust?
A specific re-identification approach that links an unidentified dataset to easier-to-obtain auxiliary information about individuals to find overlaps.
What is a linkage attack?