Think you’ve got what it takes to keep data safe? Let’s find out.
Data breaches can hit anyone, anytime. Even big companies with deep pockets aren’t immune. That’s why everyone needs to step up their game when it comes to data security. Don’t worry if you stumble. We’ve got resources to help you improve. Think of it as a fitness test for your data security muscles. Remember, in today’s digital world, your data is your treasure. Protect it like a dragon guards its gold.
Ready to test your skills? Take the quiz below. It’ll show you where you’re strong and where you might need some work.
Question 1
What factors determine that a storage security strategy is successful?
A. How much the security costs compared to the value of the data
B. How much it will cost an attacker to breach the defenses
C. How much the organization spends on security per year
D. A and B
E. B and C
Answer
D. A and B
Explanation
No organization should go into data storage security planning to spend as little money as possible, because it is not a cheap practice. However, a strategic and targeted plan can secure data storage without breaking the bank. An organization that uses a risk assessment to determine the most likely threats and puts resources toward those vulnerabilities can keep the cost of protecting critical data down while ensuring that an attacker must spend a significant amount to break through.
Question 2
Remote work significantly increases the risk of cyber threats to data storage security.
A. True
B. False
Answer
A. True
Explanation
The COVID-19 pandemic forced many companies to rapidly move employees to remote work without the preparation needed to do it securely. Remote employees work from environments that are less secure than an official office, and it is easy for the lines between work and personal lives, and between work and personal devices, to become blurred. Without their company’s software precautions and other safety measures, employees can put previously secure data storage at risk. Employees might, on their own time, use a cloud platform that is unsanctioned by the organization. They may continue to do so with company data through sheer force of habit or because they cannot easily access official resources remotely.
All is not lost, however. Minimize remote work risks through training, access controls, encryption and communication between IT and staff.
Question 3
Which of these is a major common storage security mistake?
A. Haphazard management
B. Excessive spending
C. The 3-2-1 backup method
D. Siloed storage resources
Answer
A. Haphazard management
Explanation
Haphazard management is a common thread among organizations that face a breach in storage security. Organizations must control the flow of information, and that includes ensuring that valuable data on old servers is secure and accounted for.
The other options, apart from excessive spending, are ways that an organization can prevent haphazard data management. The 3-2-1 backup method, while not foolproof, is a well-known and reliable method of data backup that keeps three copies of data on two different types of storage media, with one copy off-site. Storage admins should feel free to expand on this, perhaps saving multiple copies of data with different cloud providers, but the basic method is a good place to start to fix questionable data management.
When an organization siloes storage resources outside of the network infrastructure, it creates another barrier between attackers and that data, adding another layer of protection.
Question 4
The security of cloud storage makes encryption optional for most organizations.
A. True
B. False
Answer
B. False
Explanation
Despite recent advancements in cloud storage security, encryption is a must. Numerous people at the cloud provider, all outside the organization, can potentially have eyes on an organization’s data, and the cloud provider itself may be vulnerable to cyber attacks.
There are some key best practices for secure data storage in the cloud. For ultimate security, encrypt cloud data at rest (stored in the data center) and in flight (transmitted to and from the cloud). Storage of encryption keys outside of the cloud keeps them out of the hands of the provider, which could experience its own security breaches. (That’s extra incentive to encrypt cloud storage!)
Question 5
Data protection, data security and data privacy are interchangeable terms.
A. True
B. False
Answer
B. False
Explanation
On the surface, these three terms may look similar, and in practice, they do have a lot of overlap. However, they all play a unique role in secure data storage.
Data protection is made up of backup and recovery strategies and revolves around keeping data safe from corruption or loss. Examples of data protection methods include policies and recovery objectives. Data protection is preparation that ensures the organization can recover data following an incident.
Data security focuses on keeping data safe from internal and external threats, as well as ensuring that the underlying company infrastructure is secure. Examples of data security include multifactor authentication and encryption. Data security is prevention to keep attackers out.
Data privacy determines which data an organization can share, who has access to data and how the company prevents outside access. Data privacy is how an organization determines and maintains access to data only by authorized parties.
Question 6
Which of these standards is most applicable to data storage security?
A. ISO 22332
B. Federal Financial Institutions Examination Council compliance
C. ISO/IEC 27040
D. BPO Certification Institute Human Competence Master Standards 21
Answer
C. ISO/IEC 27040
Explanation
Several standards can be helpful to secure data storage, including ISO/IEC 27040:2015, Information technology — Security techniques — Storage security. This international standard guides users through the storage security process from initial planning through implementation. It covers storage security for devices, media, applications and networks. Risk mitigation is a major part of this standard and a critical aspect of data storage security.
Other standards that organizations may find useful include GDPR, HIPAA and the Payment Card Industry Data Security Standard.