Understanding Asset Security
- Basic Security Principles
- Data Management: Determining and Maintaining Ownership
- Data Governance Policies
- Roles and Responsibilities
- Data Ownership
- Data Custodians
- Data Documentation and Organization
- Data Warehousing
- Data Mining
- Knowledge Management
- Data Standards
- Data Lifecycle Control
- Data Audits
- Data Storage and Archiving
- Data Security, Protection, Sharing, and Dissemination
- Privacy Impact Assessment
- Information Handling Requirements
- Record Retention and Destruction
- Data Remanence and Decommissioning
- Classifying Information and Supporting Asset Classification
In this sample chapter from CISSP Exam Cram, 5th Edition, you will explore basic building blocks of any good security program.
Understanding asset security is a key requirement of a CISSP candidate. Asset security addresses the controls needed to protect data throughout its lifecycle, from the point of creation to the end of its life. Data protection controls must be implemented to ensure that information is adequately protected during each lifecycle phase. This chapter starts by reviewing the basic security principles of confidentiality, integrity, and availability and moves on to data management and governance.
The CISSP exam requires you to understand data security and how information is protected while it is in transit, in storage, and at rest. You must understand that protection of data is much more important today than it was years ago because data is no longer isolated in standalone servers. Today data often resides in the cloud; data can also be found on laptops, in RAID arrays, or even in paper form. Regardless of its storage location, data must have adequate protection and must be properly disposed of at the end of its useful life.