Domain 2: Asset Security Western Governors UniversityCISSP 101Notes - Domain 2 - EDT_JAN18

Document Content and Description Below

Domain 2: Asset Security SLIDE 2: Asset Security The goal of the Asset Security domain is to provide you with the concepts, principles, structures, and standards used to monitor and secure assets. ... It also focuses on the controls used to enforce various levels of confidentiality, integrity, and availability. SLIDE 3 - 4: Domain Objectives • Apply a comprehensive and rigorous method for describing current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational subunits so that these practices and processes align with the organization's core goals and strategic direction. • Address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection. • Establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s information assets SLIDE 5: Domain Agenda • Classify Information and Supporting Assets • Determine and Maintain Ownership • Protect Privacy • Ensure Appropriate Retention • Determine Data Security Controls • Establish Handling RequirementsD2 P2 v.01_2018 Classify Information and Supporting Assets SLIDE 7: Module Topics • Classification • Asset Management SLIDE 8: Classification The purpose of a classification system is to ensure information is marked in such a way that only those with the appropriate clearance level may have access to the information. Many organizations will often use the terms “confidential,” “close hold,” or “sensitive” to mark information. These markings should limit access to specific members or departments. EX: board members | HR Dept. SLIDE 9: Categorization Categorization is the process of determining the impact of the loss of confidentiality, integrity, or availability of information. Example 1: public information on a web page may be categorized as low impact to an organization as it requires only minimal uptime, it does not matter if the information gets changed or becomes globally viewable by the public. Example 2: a startup company may have a design for a new clean power plant which if it were lost or altered may cause the company to go bankrupt, as a competitor may be able to manufacture and implement the design faster. This type of information would be categorized as high impact. [Show More]

Last updated: 1 year ago

Preview 1 out of 75 pages