0% found this document useful (0 votes)

11 views

Isc2 Cissp 2 7 1 Asset Security Key Points

The document outlines 17 key points related to asset security that are important to understand for the CISSP exam. It covers topics such as data classification, data lifecycles, asset inventory and labeling, roles in data management, data states, encryption methods, standards, and data protection methods for data at rest, in motion, and in use. Understanding these points will help prepare for successfully passing the CISSP exam.

Uploaded by

trojanbaya

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

11 views

Isc2 Cissp 2 7 1 Asset Security Key Points

Uploaded by

trojanbaya

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 3

Asset Security Key Points

Objectives:

At the end of this episode, I will be able to:

Understand and identify the key points and items from Domain 2 that need to be
mastered as part of your preparation to take and pass the CISSP exam.

External Resources:

Asset Security - Key points

1. Classification & Categorization

2. How to manage sensitive information

3. Data / Retention policies

4. Data Policy

5. Asset Inventory | Classification | Labeling | Handling

Data classification schemes (2 types - Government & Private Sector)

6. NIST NICE Framework: Securely Provision (SP) NICE Specialty Areas

a. Risk Management (RSK)

b. Software Development (DEV)
c. Systems Architecture (ARC)
d. Technology R&D (TRD)
e. Systems Requirements Planning (SRP)
f. Test & Evaluation (TST)
g. Systems Development (SYS)

7. Data Lifecycle Management (DLM) vs Information Lifecycle Management (ILM)

8. Data Management Lifecycle (PLAN + 5 phases)

9. PLAN FIRST !!

a. Data Creation
b. Storage
c. Usage/Share
d. Archival
e. Destruction

9. QA (external) vs. QC (internal) & Collection Limitation on data

10. Roles to know:

a. data subject - subject of personal data

b. data owner - master of all
c. data controller - determines processing purpose(s)
d. data processor - managers of all (on behalf of the controller)
e. data custodian - custody, transport, storage & business rules
f. data steward - fitness of data elements
g. administrator - grants permissions / access to data

11. Data, data, data - Remanence & Sanitization

a. clearing
b. purging
c. destruction
e. simple delete = erase
f. destruction - types
Overwriting
Degaussing
Encryption
Crypto-Shredding
Physical Destruction
Chemical Alteration
Phase Shift / transition (Curie Temp)
SSD vs HDD

*** Cloud data - encrypt data while in storage and use ==> upon exit crypto-shred
remaining data

12. Asset Retention - What are the Stages?

• GA / Sale Date
• End of Life / End of Sale
• End of Development
• End of Service Life / End of Support

13. End-of-Life Management

• Maintaining inventories
• Approved end-of-life or sunset policy
• Tracking changes, availability of updates, and end of support
• Risk assessments to determine end-of-life
• Plan for the replacement of systems and comply with policy requirements
• Procedures for secure destruction or data wiping of hard drives

14. Data states

Data exists in 3 well defined states:

a. at rest (storage)
b. in motion (transit / on the wire)
c. in use (application in memory)

15. Link vs End-to-End encryption

16. Scoping & Tailoring (Supplementation)

17. Standards...

18. Data protection methods (Digital Rights Management (DRM), Data Loss
Prevention (DLP), Cloud Access Security Broker (CASB))

a. at rest (storage) -
encryption
obfuscation / tokenization
archive / dispose / destruct
mobile device protection
physical media control

b. in motion (transit) -
encryption
perimeter security
web content filtering
network traffic monitoring
VPN's

c. in use (application) -
encryption
user monitoring
workstation restrictions
application controls (whitelist / blacklist)
data labeling

022 Thor-Teaches-study-guide-CISSP-domain-2 - (FreeCourseWeb - Com)
100% (2)
022 Thor-Teaches-study-guide-CISSP-domain-2 - (FreeCourseWeb - Com)
7 pages
Smart Plant 3D Programming I Labs v7 SP4
100% (6)
Smart Plant 3D Programming I Labs v7 SP4
205 pages
EPM 1173 Final Quiz Questions With Answers
No ratings yet
EPM 1173 Final Quiz Questions With Answers
12 pages
CISSP Chapter 5
No ratings yet
CISSP Chapter 5
2 pages
Domain 4 - PPT Slides
No ratings yet
Domain 4 - PPT Slides
70 pages
Bootcamp Notes
No ratings yet
Bootcamp Notes
28 pages
MDM Presentation
50% (2)
MDM Presentation
68 pages
CISSP Domain 2 Asset Security
No ratings yet
CISSP Domain 2 Asset Security
34 pages
D2 Watermark
No ratings yet
D2 Watermark
1 page
2 Asset Security - 2021
No ratings yet
2 Asset Security - 2021
35 pages
Module2 - Asset Security
No ratings yet
Module2 - Asset Security
44 pages
ISC2 CISSP Domain-2 Study Notes
No ratings yet
ISC2 CISSP Domain-2 Study Notes
11 pages
Cissp 2
No ratings yet
Cissp 2
8 pages
2023+CISSP+Domain+2+Study+Guide+by+ThorTeaches Com+v3 1
No ratings yet
2023+CISSP+Domain+2+Study+Guide+by+ThorTeaches Com+v3 1
8 pages
CISSP Domain 2 v2 Complete
0% (1)
CISSP Domain 2 v2 Complete
29 pages
CISSP Cheat Sheet Domain 2-2 PDF
No ratings yet
CISSP Cheat Sheet Domain 2-2 PDF
1 page
Destination Cert - CISSP - Domain 2
No ratings yet
Destination Cert - CISSP - Domain 2
15 pages
Protecting Security of Assets: Domain 2
No ratings yet
Protecting Security of Assets: Domain 2
24 pages
Isc2 Acceleratedcissp 2018 2 1 1 Asset Security
No ratings yet
Isc2 Acceleratedcissp 2018 2 1 1 Asset Security
5 pages
Domain 2
No ratings yet
Domain 2
11 pages
Isc2 Acceleratedcissp 2018 2 1 2 Asset Security
No ratings yet
Isc2 Acceleratedcissp 2018 2 1 2 Asset Security
5 pages
Cissp d2 Slides
No ratings yet
Cissp d2 Slides
147 pages
Domain 2
No ratings yet
Domain 2
26 pages
Cissp 2022 Update Dom2 Handout
No ratings yet
Cissp 2022 Update Dom2 Handout
24 pages
CISSP - Domain 2 - Asset Security
100% (1)
CISSP - Domain 2 - Asset Security
15 pages
CISSP-2022 Exam Cram Domain 2
No ratings yet
CISSP-2022 Exam Cram Domain 2
24 pages
IS Lecture 05 - Assets Security
No ratings yet
IS Lecture 05 - Assets Security
43 pages
CISSP Chapter 5 Flashcards - Quizlet
No ratings yet
CISSP Chapter 5 Flashcards - Quizlet
5 pages
Thor's+Quick+Sheets+ +CISSP+Domain+2
No ratings yet
Thor's+Quick+Sheets+ +CISSP+Domain+2
5 pages
CCSP 2019 - Data Security Technologies
No ratings yet
CCSP 2019 - Data Security Technologies
13 pages
CISSP Certified - Outline
100% (2)
CISSP Certified - Outline
76 pages
CISSP Exam Cram DOMAIN 2 handout
No ratings yet
CISSP Exam Cram DOMAIN 2 handout
24 pages
domain2-assetsecurity-200605071533
No ratings yet
domain2-assetsecurity-200605071533
115 pages
States of Data
No ratings yet
States of Data
8 pages
Asset Security
No ratings yet
Asset Security
55 pages
Cyber Law and Internet Security-UNIT-III
No ratings yet
Cyber Law and Internet Security-UNIT-III
12 pages
CISSP-Domain-8-Objectives
No ratings yet
CISSP-Domain-8-Objectives
147 pages
Chapter 2 Asset Security
No ratings yet
Chapter 2 Asset Security
39 pages
Cissp - Domain 7 Handout
No ratings yet
Cissp - Domain 7 Handout
78 pages
CISSP V7 Slide Deck - Domain 2
No ratings yet
CISSP V7 Slide Deck - Domain 2
72 pages
Domain 1: Security and Risk Management
No ratings yet
Domain 1: Security and Risk Management
11 pages
Notas Domain 2 Cissp
No ratings yet
Notas Domain 2 Cissp
2 pages
2023+CISSP+Domain+2+Study+Guide+by+ThorTeaches Com+v4 0
No ratings yet
2023+CISSP+Domain+2+Study+Guide+by+ThorTeaches Com+v4 0
9 pages
CISSP Domain2 - 2024
No ratings yet
CISSP Domain2 - 2024
49 pages
Guardians+Domain+2+for+udemy
No ratings yet
Guardians+Domain+2+for+udemy
5 pages
CISSP Cornell Notes Domain 2 1728309424
No ratings yet
CISSP Cornell Notes Domain 2 1728309424
45 pages
Sy0 601 16
No ratings yet
Sy0 601 16
20 pages
42-50 Go
No ratings yet
42-50 Go
9 pages
3rd September CISA Class Batch Notes
No ratings yet
3rd September CISA Class Batch Notes
7 pages
CISSP Program Overview
No ratings yet
CISSP Program Overview
19 pages
Cissp LMRG 2024
No ratings yet
Cissp LMRG 2024
16 pages
Domain2: (Chapter 5)
No ratings yet
Domain2: (Chapter 5)
13 pages
Intel Security - Grand Theft Data - 124335
No ratings yet
Intel Security - Grand Theft Data - 124335
30 pages
2-CISSP-U
No ratings yet
2-CISSP-U
9 pages
Data Security and Cryptography Tutorial
No ratings yet
Data Security and Cryptography Tutorial
4 pages
CISSP Domain 2 Asset Security Detailed
No ratings yet
CISSP Domain 2 Asset Security Detailed
32 pages
Domain 8 - Software Development Security
No ratings yet
Domain 8 - Software Development Security
19 pages
Cisa WB05
No ratings yet
Cisa WB05
102 pages
Keeping Data Safe - The Complete Guide To Data Security
No ratings yet
Keeping Data Safe - The Complete Guide To Data Security
22 pages
Week 2 Ch07-2
No ratings yet
Week 2 Ch07-2
20 pages
Essential Backup Strategies and Techniques: Definitive Reference for Developers and Engineers
From Everand
Essential Backup Strategies and Techniques: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
CISSP Certification Exam Study Guide: (Cerified Information Systems Security Professional)
From Everand
CISSP Certification Exam Study Guide: (Cerified Information Systems Security Professional)
Kumud Kumar
No ratings yet
R1Soft Administration and Implementation: Definitive Reference for Developers and Engineers
From Everand
R1Soft Administration and Implementation: Definitive Reference for Developers and Engineers
Richard Johnson
No ratings yet
Isc2 Acceleratedcissp 2018 3 1 15 Security Architecture and Engineering
No ratings yet
Isc2 Acceleratedcissp 2018 3 1 15 Security Architecture and Engineering
37 pages
Isc2 Acceleratedcissp 2018 3 1 18 Security Architecture and Engineering Key Points
No ratings yet
Isc2 Acceleratedcissp 2018 3 1 18 Security Architecture and Engineering Key Points
3 pages
Isc2 Cissp 3 2 1 Fundamental Concepts of Security Models
No ratings yet
Isc2 Cissp 3 2 1 Fundamental Concepts of Security Models
5 pages
Isc2 Cissp 1 16 1 Security and Risk Management Key Points
No ratings yet
Isc2 Cissp 1 16 1 Security and Risk Management Key Points
3 pages
Isc2 Cissp 1 13 1 Threat Modeling Concepts and Methodologies
No ratings yet
Isc2 Cissp 1 13 1 Threat Modeling Concepts and Methodologies
2 pages
Isc2 Cissp 1 7 1 Understand Requirements For Investigation Types
No ratings yet
Isc2 Cissp 1 7 1 Understand Requirements For Investigation Types
2 pages
Isc2 Cissp 2 6 1 Data Security Controls & Compliance Requirements
No ratings yet
Isc2 Cissp 2 6 1 Data Security Controls & Compliance Requirements
4 pages
Isc2 Cissp 1 1 1 Understand Adhere To and Promote Professional Ethics
No ratings yet
Isc2 Cissp 1 1 1 Understand Adhere To and Promote Professional Ethics
1 page
Isc2 Cissp 1 3 1 Evaluate and Apply Security Governance Principles
No ratings yet
Isc2 Cissp 1 3 1 Evaluate and Apply Security Governance Principles
4 pages
Isc2 Cissp 1 2 1 Understand and Apply Security Concepts (Cia)
No ratings yet
Isc2 Cissp 1 2 1 Understand and Apply Security Concepts (Cia)
2 pages
Domain 3
No ratings yet
Domain 3
109 pages
Firewall Types
No ratings yet
Firewall Types
8 pages
Domain 3 - Crypto Definitions
No ratings yet
Domain 3 - Crypto Definitions
5 pages
CCSP Exam Cram DOMAIN 1 Handout
No ratings yet
CCSP Exam Cram DOMAIN 1 Handout
207 pages
CCSP Exam Cram DOMAIN 3 Handout
No ratings yet
CCSP Exam Cram DOMAIN 3 Handout
139 pages
CCSP Exam Cram DOMAIN 5 Handout
No ratings yet
CCSP Exam Cram DOMAIN 5 Handout
183 pages
Databases and Information Management
No ratings yet
Databases and Information Management
2 pages
36 Online Fashion Stylist Website PY036
No ratings yet
36 Online Fashion Stylist Website PY036
4 pages
Postgresql PHP PDF
No ratings yet
Postgresql PHP PDF
7 pages
Programming Languages:Java (J2SE 8, J2EE, J2ME, Sockets, IO, Threads, Servlets, JSP
No ratings yet
Programming Languages:Java (J2SE 8, J2EE, J2ME, Sockets, IO, Threads, Servlets, JSP
7 pages
Lab Mannual Web Development Lab Vii Sem
0% (1)
Lab Mannual Web Development Lab Vii Sem
72 pages
Customers: (Salesmanid: "The One Who Onboarder This Customer",) Orders (Parchaseamt: "Amount of Transaction",Orderdt:"Order Date",Customerid "Konsa
No ratings yet
Customers: (Salesmanid: "The One Who Onboarder This Customer",) Orders (Parchaseamt: "Amount of Transaction",Orderdt:"Order Date",Customerid "Konsa
8 pages
DBS Notes
No ratings yet
DBS Notes
85 pages
Basic Concepts of OOP
No ratings yet
Basic Concepts of OOP
7 pages
Real State Document
100% (1)
Real State Document
34 pages
Dbms Notes
No ratings yet
Dbms Notes
9 pages
Cloud Computing Concepts and Exam Guide
No ratings yet
Cloud Computing Concepts and Exam Guide
9 pages
BMC Identity Management
No ratings yet
BMC Identity Management
2 pages
Hadoop The Definitive Guide 3rd Edition
100% (1)
Hadoop The Definitive Guide 3rd Edition
647 pages
Prepare Cross-Company Code Transactions - SAP FI
100% (3)
Prepare Cross-Company Code Transactions - SAP FI
19 pages
Batch Files - Collection
No ratings yet
Batch Files - Collection
4 pages
Lect 1
No ratings yet
Lect 1
15 pages
2 - Computer Software
No ratings yet
2 - Computer Software
5 pages
Name - Bharti Pallavi Arjun Roll No. - 18141112 Q.1) Prepare List of Automated Software Testing Tool. Ans
No ratings yet
Name - Bharti Pallavi Arjun Roll No. - 18141112 Q.1) Prepare List of Automated Software Testing Tool. Ans
6 pages
DBMS II Chapter 1
No ratings yet
DBMS II Chapter 1
17 pages
lecture_note_420507181042070
No ratings yet
lecture_note_420507181042070
44 pages
Css Microproject Final
No ratings yet
Css Microproject Final
19 pages
UiPath-ADPv1 Cheat Sheet - REFramework
No ratings yet
UiPath-ADPv1 Cheat Sheet - REFramework
3 pages
VISHAL ROHIT Project
No ratings yet
VISHAL ROHIT Project
35 pages
Microsoft Azure Administrator (Architect) Training Syllabus: Module 1:-Azure Cloud Computing Basics
No ratings yet
Microsoft Azure Administrator (Architect) Training Syllabus: Module 1:-Azure Cloud Computing Basics
10 pages
1 3+++1 4+++1 6+++hw++hw+due+03-06-2024
No ratings yet
1 3+++1 4+++1 6+++hw++hw+due+03-06-2024
8 pages
DD With Networker Boost Integration
No ratings yet
DD With Networker Boost Integration
196 pages
Sap SD User Exits
100% (3)
Sap SD User Exits
4 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Isc2 Cissp 2 7 1 Asset Security Key Points

Uploaded by

Isc2 Cissp 2 7 1 Asset Security Key Points

Uploaded by

Asset Security Key Points

At the end of this episode, I will be able to:

Asset Security - Key points

1. Classification & Categorization

2. How to manage sensitive information

3. Data / Retention policies

5. Asset Inventory | Classification | Labeling | Handling

Data classification schemes (2 types - Government & Private Sector)

6. NIST NICE Framework: Securely Provision (SP) NICE Specialty Areas

a. Risk Management (RSK)

7. Data Lifecycle Management (DLM) vs Information Lifecycle Management (ILM)

8. Data Management Lifecycle (PLAN + 5 phases)

9. QA (external) vs. QC (internal) & Collection Limitation on data

10. Roles to know:

a. data subject - subject of personal data

11. Data, data, data - Remanence & Sanitization

12. Asset Retention - What are the Stages?

13. End-of-Life Management

14. Data states

Data exists in 3 well defined states:

15. Link vs End-to-End encryption

16. Scoping & Tailoring (Supplementation)

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.