Chapter 5 ■ Protecting Security of Assets
Table 5.3 shows the records after data has been swapped around, effectively masking the original data. Notice that this becomes a random set of first names, a random set of last names, and a random set of ages. It looks like real data, but none of the columns relates to each other. However, it is still possible to retrieve aggregated data from the table. The average age is still 29.
Table 5.3  Masked data
FirstName   LastName   Age
Sally       Doe        37
Maria       Johnson    25
Bob         Smith      28
Joe         Jones      26
Someone familiar with the data set may be able to reconstruct some of the data if the table has only three columns and only four records. However, this is an effective method of anonymizing data if the table has a dozen columns and thousands of records.
Unlike pseudonymization and tokenization, masking cannot be reversed. After the data
is randomized using a masking process, it cannot be returned to the original state.
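
The column-swapping form of masking described above, as an added example that is not from the book. The sample records are constructed for illustration, and the function names `mask_by_shuffling` and `rows_unchanged` are hypothetical. It shuffles every column independently, shows that the average age survives, and counts original rows that remain intact, which is the reconstruction risk noted for very small tables.

```python
import random
from statistics import mean

# Constructed sample records (assumption: not the book's original table).
RECORDS = [
    {"FirstName": "Joe", "LastName": "Smith", "Age": 25},
    {"FirstName": "Sally", "LastName": "Jones", "Age": 28},
    {"FirstName": "Bob", "LastName": "Johnson", "Age": 37},
    {"FirstName": "Maria", "LastName": "Doe", "Age": 26},
]


def mask_by_shuffling(records, rng=None):
    """Return new records with every column shuffled independently.

    No mapping from masked rows back to original rows is kept, so the
    operation cannot be reversed afterwards.
    """
    rng = rng or random.SystemRandom()
    if not records:
        return []
    columns = list(records[0].keys())
    shuffled = {}
    for col in columns:
        values = [row[col] for row in records]
        rng.shuffle(values)  # a separate permutation for each column
        shuffled[col] = values
    return [{col: shuffled[col][i] for col in columns}
            for i in range(len(records))]


def rows_unchanged(original, masked):
    """Count original rows that still appear intact in the masked output."""
    def as_tuples(rows):
        return [tuple(sorted(r.items())) for r in rows]
    masked_set = set(as_tuples(masked))
    return sum(1 for t in as_tuples(original) if t in masked_set)


if __name__ == "__main__":
    masked = mask_by_shuffling(RECORDS)
    for row in masked:
        print(row)
    print("average age before:", mean(r["Age"] for r in RECORDS))
    print("average age after: ", mean(r["Age"] for r in masked))
    print("original rows still intact:", rows_unchanged(RECORDS, masked))
```

With only four records, a run will sometimes leave one or more original rows intact; re-run or reject such output before releasing a small table.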
Administrators
A data administrator is responsible for granting appropriate access to personnel. They don’t necessarily have full administrator rights and privileges, but they do have the ability to assign permissions. Administrators assign permissions based on the principles of least privilege and the need to know, granting users access to only what they need for their job.
Administrators typically assign permissions using a Role Based Access Control model. In other words, they add user accounts to groups and then grant permissions to the groups. When users no longer need access to the data, administrators remove their account from the group. Chapter 13, “Managing Identity and Authentication,” covers the Role Based Access Control model in more depth.
Custodians
Data owners often delegate day-to-day tasks to a custodian. A custodian helps protect the integrity and security of data by ensuring that it is properly stored and protected. For example, custodians would ensure that the data is backed up in accordance with a backup policy. If administrators have configured auditing on the data, custodians would also maintain these logs.
In practice, personnel within an IT department or system security administrators would typically be the custodians. They might be the same administrators responsible for assigning permissions to data.
Users
A user is any person who accesses data via a computing system to accomplish work tasks. Users have access to only the data they need to perform their work tasks. You can also think of users as employees or end users.