差别

这里会显示出您选择的修订版和当前版本之间的差别。

--- projects:ccsp:chapter2 [2025/06/29 20:05] – 创建 jackiez
+++ projects:ccsp:chapter2 [2025/06/29 20:08] (当前版本) – jackiez
@@ 行 1: / 行 1: @@
 **Summary **
-This chapter discussed the data lifecycle and data management functions within the data life cycle, including data retention, auditing, and disposal. The various roles, rights, and respon sibilities associated with data ownership were described. Data discovery allows organizations to identify data as structured, semi- structured, or  unstructured data. Once data is identified, it is typically classified based on the organization’s  classification scheme. That classification is used to label the data, and it may be mapped  through transformations and transfers to allow it to be used in other systems and services.  This chapter also focused on data flows and the importance of understanding and document ing them, especially in complex and interconnected cloud systems. As data is moved through an organization and accessed by systems, services, and indi viduals, information rights management (IRM) tools are used to ensure that data rights are  enforced. IRM relies on access models to determine which subjects can take which actions,  and those models drive provisioning processes that provide users and systems with the rights  they need in an automated fashion. Finally, we reviewed auditing as a security control for data, including log collection, cor relation, and analysis in cloud and hybrid environments. Packet capture as an audit and  security mechanism is also important, and it can be complex if not impossible in some cloud  environments like software as a service and platform as a service providers.
+This chapter discussed the data lifecycle and data management functions within the data life cycle, including data retention, auditing, and disposal. The various roles, rights, and responsibilities associated with data ownership were described. Data discovery allows organizations to identify data as structured, semi- structured, or unstructured data. Once data is identified, it is typically classified based on the organization’s classification scheme. That classification is used to label the data, and it may be mapped through transformations and transfers to allow it to be used in other systems and services.  This chapter also focused on data flows and the importance of understanding and documenting them, especially in complex and interconnected cloud systems. As data is moved through an organization and accessed by systems, services, and individuals, information rights management (IRM) tools are used to ensure that data rights are enforced. IRM relies on access models to determine which subjects can take which actions, and those models drive provisioning processes that provide users and systems with the rights they need in an automated fashion. Finally, we reviewed auditing as a security control for data, including log collection, correlation, and analysis in cloud and hybrid environments. Packet capture as an audit and security mechanism is also important, and it can be complex if not impossible in some cloud environments like software as a service and platform as a service provider.
 **Exam Essentials**
-**Describe data flows and their use in a cloud environment. ** Data flows are used to describe  where and how data moves throughout an environment. Details like ports, protocols, ser vices, and what data fields or types are sent and received are important components of data  f lows, and this information is typically captured in data flow diagrams. Understand the purpose and method of data categorization and classification. Know why  and how data owners assign categories and classifications to specific datasets under their  control. Explain the typical parts of data classification policies. Describe data mapping and  data labeling. Know how and when data is labeled, and by whom. Understand content- based  discovery and the use of metadata in discovery efforts.
-**Understand the various roles, rights, and responsibilities related to data ownership. **Know  who the data subject, owner, controller, processor, and custodian are. Understand the rights  and responsibilities associated with each.
+**Describe data flows and their use in a cloud environment.** Data flows are used to describe where and how data moves throughout an environment. Details like ports, protocols, ser vices, and what data fields or types are sent and received are important components of data  flows, and this information is typically captured in data flow diagrams. Understand the purpose and method of data categorization and classification. Know why and how data owners assign categories and classifications to specific datasets under their control. Explain the typical parts of data classification policies. Describe data mapping and data labeling. Know how and when data is labeled, and by whom. Understand content- based discovery and the use of metadata in discovery efforts.
-**Be familiar with data discovery methods. **Describe the differences between structured,  semi- structured, and unstructured data and offer examples of each type of data. Understand  why data location matters and what impact it may have on data discovery processes and  capabilities.
+**Understand the various roles, rights, and responsibilities related to data ownership.**Know who the data subject, owner, controller, processor, and custodian are. Understand the rights and responsibilities associated with each.
-**Understand the objectives of and tools used to implement information rights  management. **IRM tools are designed to protect data rights and require provisioning  that gives appropriate users permission based on their roles and responsibilities. Access  models are used to determine who will receive rights, and a combination of certificates for  identification and licenses that list the permissions or rights of the users or systems are used  to make IRM work.
+**Be familiar with data discovery methods.**Describe the differences between structured, semi- structured, and unstructured data and offer examples of each type of data. Understand why data location matters and what impact it may have on data discovery processes and capabilities.
-**Know what should be included in policies for data retention, deletion, and  archiving. **Understand essential aspects like the terms retention and disposal. Know reten tion formats, how regulations dictate these things, and how every policy needs to include  details for maintenance, monitoring, and enforcement.
+**Understand the objectives of and tools used to implement information rights management.**IRM tools are designed to protect data rights and require provisioning that gives appropriate users permission based on their roles and responsibilities. Access models are used to determine who will receive rights, and a combination of certificates for identification and licenses that list the permissions or rights of the users or systems are used to make IRM work.
-**Understand data and media sanitization. **Most traditional sanitization methods will not  work in cloud environments. Cryptographic erasure is one of the few ways to ensure secure  data disposal in environments where you cannot ensure physical destruction of data and  devices. Overwriting and other techniques cannot provide assurance of data destruction in  cloud environments.
+**Know what should be included in policies for data retention, deletion, and archiving.**Understand essential aspects like the terms retention and disposal. Know retention formats, how regulations dictate these things, and how every policy needs to include details for maintenance, monitoring, and enforcement.
+**Understand data and media sanitization.**Most traditional sanitization methods will not work in cloud environments. Cryptographic erasure is one of the few ways to ensure secure data disposal in environments where you cannot ensure physical destruction of data and devices. Overwriting and other techniques cannot provide assurance of data destruction in cloud environments.