Pass CDPSE Exam Guide

Data sanitization is a process of permanently erasing or destroying data from a storage device or media to prevent unauthorized access or recovery of the data. Data sanitization methods can include physical destruction, degaussing, overwriting, encryption or cryptographic erasure. The most important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable is the type of media on which the data is stored, as different media types may require different methods or techniques to achieve effective sanitization. For example, physical destruction may be suitable for optical disks or tapes, but not for solid state drives (SSDs) or flash memory devices. Degaussing may be effective for magnetic disks or tapes, but not for optical disks or SSDs. Overwriting may work for hard disk drives (HDDs) or SSDs, but not for tapes or optical disks. Encryption or cryptographic erasure may be applicable for any media type, but may require additional security measures to protect the encryption keys or certificates. The other options are not as important as the type of media when using advanced data sanitization methods. Subject matter expertise may be helpful, but not essential, as long as the appropriate method is selected and applied correctly. Regulatory compliance requirements may influence the choice of method, but not necessarily determine it, as different methods may meet different standards or criteria. Location of data may affect the feasibility or cost of applying a method, but not its effectiveness or suitability., p. 93-94 References: : CDPSE Review Manual (Digital Version)

Data masking is the process of hiding original data with modified content to protect sensitive data from unauthorized access or disclosure. Data masking is often used for testing purposes in non-production environments, where personal data is not needed or allowed. However, data masking can pose several challenges, especially for a global financial institution that has multiple interconnected systems and applications. One of the greatest challenges is to preserve the complex relationships within and across systems while masking the data. This means that the masked data must maintain the same format, referential integrity, semantic integrity, and uniqueness as the original data, so that the testing results are valid and reliable. For example, if a customer’s name is masked in one system, it must be masked consistently in all other systems that reference it. If a transaction amount is masked in one system, it must not violate any business rules or constraints in another system. If a credit card number is masked in one system, it must still be a valid credit card number in another system. Preserving these complex relationships can be challenging because it requires a thorough understanding of the data model, the business logic, and the dependencies among systems. It also requires a robust and flexible data masking tool that can handle different types of data and platforms.