# Data Masking and Redaction

One-sentence definition: Techniques to obscure sensitive elements in outputs and lower environments.

## Key Facts

- Static masking for non-prod datasets; dynamic masking on query.
- Redaction removes visible elements in documents/images.
- Preserve format for usability (e.g., last 4 digits only).
- Policies enforce where masking is mandatory (support, QA).
- Avoid reversible masking unless strictly controlled.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose masking vs redaction vs tokenization in scenarios.

**Mnemonic:** “Show less, know enough.”

## Mini Scenario

Q: Devs need test data from prod—approach?

A: Use masked/pseudonymized datasets.

## Revision Checklist

- Define static vs dynamic masking.
- Give two use-cases.
- Identify risks of reversible masking.

## Related

[[Pseudonymization vs Anonymization]] · [[Tokenization]] · [[Data Minimization and Purpose Limitation]] · [[Record Management and Data Retention]] · [[Printing and Hardcopy Data Controls]] · [[Domain 2 - Index]]