
Domain 2: Asset Security – Weightage 10% 2018

infosectrain

The Asset Security (Protecting Security of Assets) domain focuses on controls such as data classification, clearances, labels, retention, and ownership of data. It discusses different storage devices and the determination of controls, including standards, scoping, and tailoring. Data protection skills are at the heart of every organization.

This domain covers the day-to-day management of access control, which requires management of labels, clearances, formal access approval, and need to know. In government or military settings, data is classified as Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret. In the private sector, data is classified as Public, Company Classified, Company Restricted, Private, Confidential, and Sensitive.

Next, it discusses information security roles and their responsibilities, which include business or mission owners, data owners, system owners, custodians, and users. It covers data remanence, which is the data that persists beyond noninvasive means to delete it.

Next, it covers various types of memory, such as cache memory, RAM, ROM, DRAM, SRAM, firmware, and solid-state drives. It also explains methods of data destruction that guard against dumpster diving, such as overwriting, degaussing, destruction, and shredding.

Degaussing destroys the integrity of a magnetic medium, such as a tape or disk drive, by exposing it to a strong magnetic field. Destruction physically destroys the integrity of media by damaging or destroying the media itself, such as the platters of a disk drive. Shredding is the process of making any data printed on hard copy unrecoverable. The protection of data is of utmost importance for an organization, whether the data is at rest or in motion.

This domain also covers data security controls such as certification and accreditation. The following standards and control frameworks are also covered: PCI-DSS, OCTAVE, ISO 17799 and the ISO 27000 series, COBIT, and ITIL.

Scoping, which is the process of determining which portions of a standard will be employed by an organization, and tailoring, which is the process of customizing a standard for an organization, play an important role.
