# Data Warehouse and Data Lake Security

One-sentence definition: Controls for analytical platforms storing large volumes of structured/unstructured data.

## Key Facts

- Segmentation: separate staging, raw, curated zones; least privilege.
- Encrypt at rest/in transit; per-tenant keys where applicable.
- Fine-grained access (column/row masking); secure external tables.
- Data governance: lineage, cataloging, retention, PII handling.
- Secure connectors and query federation; audit logs.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose controls for mixed sensitivity analytics environments.

**Mnemonic:** “Zone, Key, Mask, Monitor.”

## Mini Scenario

Q: Analysts need broad access but PII must be hidden—control?

A: Dynamic masking or views with column/row filters.

## Revision Checklist

- Name 4 security controls for lakes/warehouses.
- Explain zone segmentation.
- Tie governance artifacts required.

## Related

[[Data Lineage and Provenance]] · [[Data Catalogs and Metadata Management]] · [[Pseudonymization vs Anonymization]] · [[Tokenization]] · [[Logs and Telemetry as Sensitive Data]] · [[Domain 2 - Index]]