This chapter presents the following:
• Information life cycle
• Information classification and protection
• Information ownership
• Protection of privacy
• Information retention
• Data security controls
• Data handling requirements
Information is the oil of the 21st century.
An asset is, by definition, anything of worth to an organization. This includes people, partners, equipment, facilities, reputation, and information. While every asset needs to be protected, as discussed in Chapter 1 in the context of risk management, this chapter’s coverage of the second CISSP domain focuses exclusively on protecting information assets. Information is typically the most valuable asset to an organization ...