Chapter 4

Asset Security

IN THIS CHAPTER

check Understanding commercial and government data classification

check Establishing ownership of data

check Addressing privacy issues

check Managing records retention

check Identifying appropriate data security controls

check Ensuring proper handling of sensitive information assets

The Asset Security domain addresses the collection, classification, handling, and protection of information assets throughout the information lifecycle. Important concepts within this domain include data ownership, privacy, data security controls, and cryptography. This domain represents 10 percent of the CISSP certification exam.

Classify Information and Supporting Assets

Information and data, in all their various forms, are valuable business assets. As with other, more tangible assets, the information’s value determines the level of protection required by the organization.

A data classification ...

Get CISSP For Dummies, 6th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.