You are conducting an audit of a system that stores credit card data. While reviewing database records you notice the credit card numbers are stored, but with the majority of the digits being replace with periods. (e.g. instead of 5105-1051-0510-5100 it is stored as ....-....-....-5100). What term most accurately describes this scenario?
Sensitive Data Replacement (SDR)
Correct Incorrect Unanswered Report Issue Answer Description
Data Masking is a strategy for securely storing sensitive data. In this scenario the majority of the credit card digitals are being replaced with periods to ensure if they were leaked the full credit card number would not be compromised.
Wikipedia
Data masking or data obfuscation is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel. Data masking can also be referred as anonymization, or tokenization, depending on different context.
The main reason to mask data is to protect information that is classified as personally identifiable information, or mission critical data. However, the data must remain usable for the purposes of undertaking valid test cycles. It must also look real and appear consistent. It is more common to have masking applied to data that is represented outside of a corporate production system. In other words, where data is needed for the purpose of application development, building program extensions and conducting various test cycles. It is common practice in enterprise computing to take data from the production systems to fill the data component, required for these non-production environments. However, this practice is not always restricted to non-production environments. In some organizations, data that appears on terminal screens to call center operators may have masking dynamically applied based on user security permissions (e.g. preventing call center operators from viewing credit card numbers in billing systems).
The primary concern from a corporate governance perspective is that personnel conducting work in these non-production environments are not always security cleared to operate with the information contained in the production data. This practice represents a security hole where data can be copied by unauthorized personnel, and security measures
Data_masking - Wikipedia, the free encyclopedia Subscribe to avoid duplicate questions and track your progress over time