DAMA DMBOK Ch. 7: Data Security
What is the primary goal of data security? - CORRECT ANSWER ✔✔✔ To protect information assets in
alignment with privacy regulations, contractual agreements, and business requirements.
Who are the key stakeholders in data security? - CORRECT ANSWER ✔✔✔ Clients, patients, students,
citizens, suppliers, and business partners.
What role do government regulations play in data security? - CORRECT ANSWER ✔✔✔ They protect
stakeholder interests through various regulations with different goals.
What is a critical component of effective data security policies? - CORRECT ANSWER ✔✔✔ Ensuring the
right people can use and update data while restricting inappropriate access.
What are the primary business drivers for data security? - CORRECT ANSWER ✔✔✔ Risk reduction and
business growth.
How does risk reduction relate to data security? - CORRECT ANSWER ✔✔✔ It involves managing
compliance requirements and protecting private information to avoid breaches.
What is the impact of security breaches on businesses? - CORRECT ANSWER ✔✔✔ They can lead to
financial losses and a decline in customer trust.
What is the significance of Metadata in data security? - CORRECT ANSWER ✔✔✔ It helps manage
sensitive data by capturing security classifications and regulatory sensitivity.
What are the goals of data security? - CORRECT ANSWER ✔✔✔ To enable appropriate access, prevent
inappropriate access, and ensure compliance with privacy regulations.
What principle emphasizes the need for collaboration in data security? - CORRECT ANSWER ✔✔✔
Collaboration among IT security administrators, data stewards, audit teams, and legal departments.
What does proactive management in data security entail? - CORRECT ANSWER ✔✔✔ Engaging
stakeholders and managing change to overcome organizational bottlenecks.
Define vulnerability in the context of data security. - CORRECT ANSWER ✔✔✔ A weakness or defect
that allows successful attacks and compromises data security.
What is a threat in data security? - CORRECT ANSWER ✔✔✔ A potential offensive action against an
organization, which can be internal or external.
How is risk defined in data security? - CORRECT ANSWER ✔✔✔ The possibility of loss and the
conditions posing potential loss.
What are the classifications of risk data? - CORRECT ANSWER ✔✔✔ Critical Risk Data (CRD), High Risk
Data (HRD), and Moderate Risk Data (MRD).
What is Critical Risk Data (CRD)? - CORRECT ANSWER ✔✔✔ Personal information sought for
unauthorized use with high financial value, compromising it harms individuals and businesses.
What is the role of a Chief Information Security Officer (CISO)? - CORRECT ANSWER ✔✔✔ To oversee
the information security function, typically reporting to the CIO or CEO.
, What are the four A's of data security processes? - CORRECT ANSWER ✔✔✔ Access, Audit,
Authentication, and Authorization.
What is the purpose of security monitoring in data security? - CORRECT ANSWER ✔✔✔ To prove the
success of security processes and ensure compliance.
What does the term 'entitlement' refer to in data security? - CORRECT ANSWER ✔✔✔ It refers to the
permissions granted to individuals to access specific data or systems.
Why is clear accountability important in data security? - CORRECT ANSWER ✔✔✔ It ensures that roles
and responsibilities are defined, including the chain of custody for data.
What is the impact of e-commerce growth on data security? - CORRECT ANSWER ✔✔✔ It necessitates
robust information security to enable transactions and build customer confidence.
What is the significance of classifying data in information security? - CORRECT ANSWER ✔✔✔ It helps
identify what data requires protection and determines access permissions.
What are some examples of internal risks to data security? - CORRECT ANSWER ✔✔✔ Employee
ignorance or bypassing security policies.
How can organizations reduce risk by reducing exposure? - CORRECT ANSWER ✔✔✔ By minimizing the
proliferation of sensitive and confidential data, especially in non-production environments.
What is the purpose of an audit in data security? - CORRECT ANSWER ✔✔✔ To review security actions
and user activity to ensure compliance with regulations and company policies.
What does authentication validate? - CORRECT ANSWER ✔✔✔ It validates users' access by verifying
their identity, often using passwords, security tokens, or biometric methods.
What is the role of authorization in data security? - CORRECT ANSWER ✔✔✔ To grant individuals
privileges to access specific data views appropriate to their role.
What does entitlement refer to in data security? - CORRECT ANSWER ✔✔✔ The total of all data
elements a user can access based on a single access authorization decision.
What is the importance of monitoring in data security? - CORRECT ANSWER ✔✔✔ To detect
unexpected events and potential security violations, often through active or passive monitoring controls.
What is data integrity? - CORRECT ANSWER ✔✔✔ The state of being whole and protected from
improper alteration, deletion, or addition.
How does encryption function in data security? - CORRECT ANSWER ✔✔✔ It translates plain text into
complex codes to hide information and verify transmission integrity.
What is a hash in encryption methods? - CORRECT ANSWER ✔✔✔ An algorithm that converts data into
a mathematical representation, used for integrity verification.
What is the difference between private-key and public-key encryption? - CORRECT ANSWER ✔✔✔
Private-key uses one key for both sender and recipient, while public-key uses different keys for each.
What is the primary goal of data security? - CORRECT ANSWER ✔✔✔ To protect information assets in
alignment with privacy regulations, contractual agreements, and business requirements.
Who are the key stakeholders in data security? - CORRECT ANSWER ✔✔✔ Clients, patients, students,
citizens, suppliers, and business partners.
What role do government regulations play in data security? - CORRECT ANSWER ✔✔✔ They protect
stakeholder interests through various regulations with different goals.
What is a critical component of effective data security policies? - CORRECT ANSWER ✔✔✔ Ensuring the
right people can use and update data while restricting inappropriate access.
What are the primary business drivers for data security? - CORRECT ANSWER ✔✔✔ Risk reduction and
business growth.
How does risk reduction relate to data security? - CORRECT ANSWER ✔✔✔ It involves managing
compliance requirements and protecting private information to avoid breaches.
What is the impact of security breaches on businesses? - CORRECT ANSWER ✔✔✔ They can lead to
financial losses and a decline in customer trust.
What is the significance of Metadata in data security? - CORRECT ANSWER ✔✔✔ It helps manage
sensitive data by capturing security classifications and regulatory sensitivity.
What are the goals of data security? - CORRECT ANSWER ✔✔✔ To enable appropriate access, prevent
inappropriate access, and ensure compliance with privacy regulations.
What principle emphasizes the need for collaboration in data security? - CORRECT ANSWER ✔✔✔
Collaboration among IT security administrators, data stewards, audit teams, and legal departments.
What does proactive management in data security entail? - CORRECT ANSWER ✔✔✔ Engaging
stakeholders and managing change to overcome organizational bottlenecks.
Define vulnerability in the context of data security. - CORRECT ANSWER ✔✔✔ A weakness or defect
that allows successful attacks and compromises data security.
What is a threat in data security? - CORRECT ANSWER ✔✔✔ A potential offensive action against an
organization, which can be internal or external.
How is risk defined in data security? - CORRECT ANSWER ✔✔✔ The possibility of loss and the
conditions posing potential loss.
What are the classifications of risk data? - CORRECT ANSWER ✔✔✔ Critical Risk Data (CRD), High Risk
Data (HRD), and Moderate Risk Data (MRD).
What is Critical Risk Data (CRD)? - CORRECT ANSWER ✔✔✔ Personal information sought for
unauthorized use with high financial value, compromising it harms individuals and businesses.
What is the role of a Chief Information Security Officer (CISO)? - CORRECT ANSWER ✔✔✔ To oversee
the information security function, typically reporting to the CIO or CEO.
, What are the four A's of data security processes? - CORRECT ANSWER ✔✔✔ Access, Audit,
Authentication, and Authorization.
What is the purpose of security monitoring in data security? - CORRECT ANSWER ✔✔✔ To prove the
success of security processes and ensure compliance.
What does the term 'entitlement' refer to in data security? - CORRECT ANSWER ✔✔✔ It refers to the
permissions granted to individuals to access specific data or systems.
Why is clear accountability important in data security? - CORRECT ANSWER ✔✔✔ It ensures that roles
and responsibilities are defined, including the chain of custody for data.
What is the impact of e-commerce growth on data security? - CORRECT ANSWER ✔✔✔ It necessitates
robust information security to enable transactions and build customer confidence.
What is the significance of classifying data in information security? - CORRECT ANSWER ✔✔✔ It helps
identify what data requires protection and determines access permissions.
What are some examples of internal risks to data security? - CORRECT ANSWER ✔✔✔ Employee
ignorance or bypassing security policies.
How can organizations reduce risk by reducing exposure? - CORRECT ANSWER ✔✔✔ By minimizing the
proliferation of sensitive and confidential data, especially in non-production environments.
What is the purpose of an audit in data security? - CORRECT ANSWER ✔✔✔ To review security actions
and user activity to ensure compliance with regulations and company policies.
What does authentication validate? - CORRECT ANSWER ✔✔✔ It validates users' access by verifying
their identity, often using passwords, security tokens, or biometric methods.
What is the role of authorization in data security? - CORRECT ANSWER ✔✔✔ To grant individuals
privileges to access specific data views appropriate to their role.
What does entitlement refer to in data security? - CORRECT ANSWER ✔✔✔ The total of all data
elements a user can access based on a single access authorization decision.
What is the importance of monitoring in data security? - CORRECT ANSWER ✔✔✔ To detect
unexpected events and potential security violations, often through active or passive monitoring controls.
What is data integrity? - CORRECT ANSWER ✔✔✔ The state of being whole and protected from
improper alteration, deletion, or addition.
How does encryption function in data security? - CORRECT ANSWER ✔✔✔ It translates plain text into
complex codes to hide information and verify transmission integrity.
What is a hash in encryption methods? - CORRECT ANSWER ✔✔✔ An algorithm that converts data into
a mathematical representation, used for integrity verification.
What is the difference between private-key and public-key encryption? - CORRECT ANSWER ✔✔✔
Private-key uses one key for both sender and recipient, while public-key uses different keys for each.
