Computer Science > Study Notes > Domain 2: Asset Security Western Governors UniversityCISSP 101Notes - Domain 2 - EDT_JAN18 (All)
Domain 2: Asset Security SLIDE 2: Asset Security The goal of the Asset Security domain is to provide you with the concepts, principles, structures, and standards used to monitor and secure assets. ... It also focuses on the controls used to enforce various levels of confidentiality, integrity, and availability. SLIDE 3 - 4: Domain Objectives • Apply a comprehensive and rigorous method for describing current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational subunits so that these practices and processes align with the organization's core goals and strategic direction. • Address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection. • Establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s information assets SLIDE 5: Domain Agenda • Classify Information and Supporting Assets • Determine and Maintain Ownership • Protect Privacy • Ensure Appropriate Retention • Determine Data Security Controls • Establish Handling RequirementsD2 P2 v.01_2018 Classify Information and Supporting Assets SLIDE 7: Module Topics • Classification • Asset Management SLIDE 8: Classification The purpose of a classification system is to ensure information is marked in such a way that only those with the appropriate clearance level may have access to the information. Many organizations will often use the terms “confidential,” “close hold,” or “sensitive” to mark information. These markings should limit access to specific members or departments. EX: board members | HR Dept. SLIDE 9: Categorization Categorization is the process of determining the impact of the loss of confidentiality, integrity, or availability of information. Example 1: public information on a web page may be categorized as low impact to an organization as it requires only minimal uptime, it does not matter if the information gets changed or becomes globally viewable by the public. Example 2: a startup company may have a design for a new clean power plant which if it were lost or altered may cause the company to go bankrupt, as a competitor may be able to manufacture and implement the design faster. This type of information would be categorized as high impact. [Show More]
Last updated: 1 year ago
Preview 1 out of 75 pages
Connected school, study & course
About the document
Uploaded On
Aug 05, 2021
Number of pages
75
Written in
This document has been written for:
Uploaded
Aug 05, 2021
Downloads
0
Views
62
In Browsegrades, a student can earn by offering help to other student. Students can help other students with materials by upploading their notes and earn money.
We're available through e-mail, Twitter, Facebook, and live chat.
FAQ
Questions? Leave a message!
Copyright © Browsegrades · High quality services·