
CISSP - Domain 2 - Asset Security

The document discusses data security and asset protection. It covers topics like data policies, roles and responsibilities, data quality, documentation, standards, lifecycles, and handling requirements. The document provides information and guidance around securing and managing organizational data and assets.

Uploaded by Jerry Shen

Domain 2

Asset (Data) Security


Subramaniam Sankaran

Domain 2 - Asset Security 1


Note
• This presentation has been prepared by Subramaniam Sankaran, for his CISSP program delivery.
• Please do share this material as required.
• You can reach him on subramaniam.sankaran@gmail.com



Data Policy
• Long-term strategic goal
• High-level principles that establish a guiding framework for data management
• Considerations
– Cost
– Ownership and custodian
– Privacy
– Liability
– Sensitivity
– Existing Laws and Policy requirements
– Policy and Process



Roles and Responsibility
• Clearly define roles associated with functions.
• Establish data ownership throughout all phases of a project.
• Instill data accountability.
• Ensure that adequate, agreed-upon data quality and metadata metrics are maintained on a continuous basis.



Data Owner
• The ownership, intellectual property rights, and copyright of their data
• The statutory and non-statutory obligations relevant to their business to ensure the data is compliant
• The policies for data security, disclosure control, release, pricing, and dissemination
• The agreement reached with users and customers on the conditions of use, set out in a signed memorandum of agreement or license agreement, before data is released


Data Custodian
• Adherence to appropriate and relevant data policy and data ownership guidelines
• Ensuring accessibility to appropriate users, maintaining appropriate levels of dataset security
• Fundamental dataset maintenance, including but not limited to data storage and archiving
• Dataset documentation, including updates to documentation
• Assurance of quality and validation of any additions to a dataset, including periodic audits to assure ongoing data integrity



Data Quality
• Data capture and recording at the time of gathering
• Data manipulation prior to digitization (label preparation, copying of data to a ledger, etc.)
• Identification of the collection (specimen, observation) and its recording
• Digitization of the data
• Documentation of the data (capturing and recording the metadata)
• Data storage and archiving
• Data presentation and dissemination (paper and electronic publications, Web-enabled databases, etc.)
• Using the data (analysis and manipulation)



Data documentation
• Ensure the longevity of data and their re-use for multiple purposes.
• Ensure that data users understand the content, context, and limitations of datasets.
• Facilitate the discovery of datasets.
• Facilitate the interoperability of datasets and data exchange.



Dataset titles and Filename
• Descriptiveness
• Should not be more than 64 characters



File Contents
• Parameters
• Missing Values
• Coded Fields – Predefined values as opposed to free text field



Data Standards
• Benefits
– More efficient data management (including updates and security)
– Increased data sharing
– Higher quality data
– Improved data consistency
– Increased data integration
– Better understanding of data
– Improved documentation of information resources


Data lifecycle and Control
• Data specification and modeling, processing, and database maintenance and security
• Ongoing data audit, to monitor the use and continued effectiveness of existing data
• Archiving, to ensure data is maintained effectively, including periodic snapshots to allow rolling back to previous versions in the event that primary copies and backups are corrupted


Longevity and Use
• Data Security
• Data Access, Sharing and Dissemination
• Data Publishing



Handling Requirements
• Marking
• Handling
• Storing
• Destroying Sensitive Information



End
