Which technique involves replacing values within a specific data field to protect sensitive data?
Which technique involves replacing values within a specific data field to protect sensitive data?
Masking involves replacing specific data within a data set with new values to protect sensitive information. For example, this technique is commonly used with credit card numbers where most digits are masked with a character such as an asterisk, leaving only the last four digits visible for identification. This ensures sensitive data is protected while still allowing for necessary identification and confirmation.
The CCSP Official Guide states: "The term obfuscation refers to the application of any of these techniques in order to make the data less meaningful, detailed, or readable in order to protect the data or the subject of the data." The guide indicates that obfuscation can be achieved either by masking or anonymizing. And masking has several techniques. From that explanation: obfuscation does not always mean replacing values (it can be anonymized the information, meaning, removing the information). And tokenization may be an option, but a more general answer is masking. That's why the most accurate answer is masking.
This is another case where the examiner decides what they want as the answer, all of the answers can be correct: Data masking or Obfuscation is a process of hiding, replacing, or omitting sensitive information e.g. PII, PHI, PCI Data Anonymization is a technique for information sanitization with an intent to protect privacy. Tokenization is substituting sensitive information with non-sensitive information
I'm gonna say B because it says "within a specific data field" which makes masking the best answer.
Tokenization is the most appropriate answer as there are more than one ways to mask or obfuscate data that includes tokenization. However, tokenization is the process of substituting a sensitive data with a non-sensitive data (token).
I mean why Obfuscation is not the answer? Obfuscation is the same as Masking, isn't it?
Masking is the best answer. IN this cases you are suppose to provide the best answer. I agree though that they are similar concepts, but each one has its best definition.
answer is B masking the other three are specific types of masking
Why Masking or Obfuscation are not the answers?
Obfuscation involves intentionally making code or data more complex or unclear. While it can provide some protection, it’s not specifically designed for sensitive data.
While "D. Obfuscation" is also a technique used to protect sensitive data, it generally refers to making data unclear or difficult to understand through various methods, rather than specifically replacing values within a data field. Obfuscation can include techniques like encryption, scrambling, or using dummy data.
B. The answer is Masking. Data obfuscation is the blanket term for transforming data into a different form to protect it. There are three main types of data obfuscation: data masking, tokenization, and encryption. Data masking creates a substitute version of a dataset. The data values are changed, but the format remains the same. Remember we are looking for the BEST answer.
The correct answer is B (see AWS definition: https://aws.amazon.com/what-is/data-masking/)
Token the field
B. Masking
I think we have to stick to CCSP classification : Data security strategies : • Obfusaction ○ Data anonymization ○ Data masking - Substitution - Scrambling - Deletion or nulling •tokenization •homomorphic encryption • bit splitting In our case, "replacing value with specific data" correspond to "data masking with substitution" Answer B
Masking is same as Obfuscation. This is question is less accurate