CHAPTER     2

Asset Security

This chapter presents the following:

•  Information life cycle

•  Information classification and protection

•  Information ownership

•  Protection of privacy

•  Asset retention

•  Data security controls

•  Asset handling requirements

Data is a precious thing and will last longer than the systems themselves.

—Tim Berners-Lee

An asset is, by definition, anything of worth to an organization. This includes people, partners, equipment, facilities, reputation, and information. While every asset needs to be protected, as discussed in Chapter 1 in the context of risk management, this chapter’s coverage of the second CISSP domain focuses on protecting information assets. Information is typically the most valuable asset ...

Get CISSP All-in-One Exam Guide, Eighth Edition, 8th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.