Which of the following policies is implemented in order to minimize data loss or theft?
A. PII handling
B. Password policy
C. Chain of custody
D. Zero day exploits
Correct Answer: A
Section: Compliance and Operational Security
Although the concept of PII is old, it has become much more important as information technology and the Internet have made it easier to collect PII through breaches of internet security, network security and web browser security, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to aid in the planning of criminal acts. Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Thus a PII handling policy can be used to protect data.
B: Password policy is usually implemented to control access to resources.
C: Chain of custody refers to a basic forensic procedure that is taken into account after an event occurred.
D: When a hole is found in a web browser or other software and attackers begin exploiting it the very day it is discovered by the developer (bypassing the one-to-two-day response time
that many software providers need to put out a patch once the hole has been found), it is known as a zero-day exploit.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 338, 404