This chapter presents the following:
• Information life cycle
• Information classification and protection
• Information ownership
• Protection of privacy
• Asset retention
• Data security controls
• Asset handling requirements
Data is a precious thing and will last longer than the systems themselves.
An asset is, by definition, anything of worth to an organization. This includes people, partners, equipment, facilities, reputation, and information. While every asset needs to be protected, as discussed in Chapter 1 in the context of risk management, this chapter’s coverage of the second CISSP domain focuses on protecting information assets. Information is typically the most valuable asset ...