IN THIS CHAPTER
Understanding commercial and government data classification
Establishing ownership of data
Addressing privacy issues
Managing records retention
Identifying appropriate data security controls
Ensuring proper handling of sensitive information assets
The Asset Security domain addresses the collection, classification, handling, and protection of information assets throughout the information lifecycle. Important concepts within this domain include data ownership, privacy, data security controls, and cryptography. This domain represents 10 percent of the CISSP certification exam.
Classify Information and Supporting Assets
Information and data, in all their various forms, are valuable business assets. As with other, more tangible assets, the information’s value determines the level of protection required by the organization.
A data classification ...