Sec 701 - Examining PKI episode
-
Hi Wes:
RE: Key escrow
Toward the very end of the Sec 701 Examining PKI episode, you quickly define key escrow.
In your definition, I noticed you mistakenly included "if the key becomes compromised" a couple of times.
Well, if the key becomes compromised, we should destroy the key, not retrieve it from key escrow.
If we are using a key escrow, we would contact them if we should lose access to our keys.
Regards,
Shahla
-
Hey @Shahla-Pirnia, great catch! You are correct, compromised keys will not be reused or pulled from the escrow. What I meant to state is that key escrows can be used so that the keys are protected from loss or compromise. I will include an erratum. Thank you for watching.
-
Hi Wes:
Thank you for your reply!
It is super difficult to do live recording. You’re doing a terrific job!
You amaze me every time with the speed, accuracy, & thoroughness with which you cover the exam objectives.
Best regards,
Shahla
-
@Shahla-Pirnia thank you for your kind words and whenever you need help with any content, please do not hesitate to reach out!
-
Hi Wes,
I am stuck on Anthony’s 701 Data Classification video. Just doesn’t make sense to me. So, I am asking for a second opinion.
What do you think is the order of data classification for a private organization given these options — public, private, sensitive, restricted, critical, confidential?
Thank you,
Shahla
-
Hi Shahla!
How a private organization chooses to classify their data is completely up to them - so you will encounter tremendous variety from one private company to another. For example, the last big Fortune 500 US company I worked for - they did this:
Public
Private
Internal
Confidential
Restricted
Another company might look at that method and say "We don't need that many levels!" or they might say "We need a couple more!"
This is why certification exams tend not to ask questions very specific to private classification levels. With that said...my best guess at an answer to your question (with guidance from Wes) is the order you provided:
Public
Private
Sensitive
Restricted
Critical
Confidential
But do we know for sure? No. We would need to speak to the fictional Chief Information Officer of this fictional private company to find out. :-)
Thanks so much for the great question and I am standing by to help along with our other Edutainers!
-
Hi Anthony,
I agree that the data classification order & options would be the private sector company’s decision.
I do feel critical and restricted could very well be higher data classification levels than confidential for the private sector.
And CompTIA has provided us with too many options for this exam sub-objective, without guidance.
Regards,
Shahla
-
@Shahla-Pirnia Yes - I agree with you! Critical, confidential, and restricted were the ones that were giving Wes and me fits as far as what the most common order would be across private companies.
-
Yes! That was it for me too!!
Thank you Anthony & Wes for looking into my question!
I appreciate it very much.
Regards,
Shahla