CHAPTER 2

Asset Security

This chapter presents the following:

•  Information life cycle

•  Information classification and protection

•  Information ownership

•  Protection of privacy

•  Information retention

•  Data security controls

•  Data handling requirements

Information is the oil of the 21st century.

—Peter Sondergaard

An asset is, by definition, anything of worth to an organization. This includes people, partners, equipment, facilities, reputation, and information. While every asset needs to be protected, as discussed in Chapter 1 in the context of risk management, this chapter’s coverage of the second CISSP domain focuses exclusively on protecting information assets. Information is typically the most valuable asset to an organization ...

Get CISSP All-in-One Exam Guide, Seventh Edition, 7th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.