
Asset Security - Objectives


  • Understand key asset terms such as assets, information, data, resources, etc.
  • Explain how security controls are dictated by the value of assets, including information.
  • Understand that organizations need to protect information assets based on the value of those assets to the organization.
  • Explain how asset classification drives the protection of assets based on value.
  • Describe the asset lifecycle.
  • Understand how data classification and categorization apply to the asset lifecycle.
  • Understand the importance of establishing accountability and responsibilities for information ownership and custodianship.
  • Explain accountabilities and responsibilities for protection of assets by owners, custodians, stewards, controllers, and processors.
  • Explain key terms associated with asset protection.
  • Understand how privacy of personal information is affected by today’s technologies.
  • Explain the expectations of subjects according to privacy laws and regulations.
  • Explain the importance of the Organization for Economic Cooperation and Development (OECD) guidelines on Privacy Protection.
  • Express the eight principles for privacy protection according to the OECD guidelines.
  • Understand the concept of collection limitation as it applies to privacy.
  • Understand asset retention and how retention policies are driven by organizational requirements.
  • Explain the reasons that drive data and records retention, including compliance or organizational requirements.
  • Understand the issues associated with long-term storage of assets.
  • Define baseline protection.
  • Explain how baselines can help an organization achieve minimum levels of security associated with valuable assets.
  • Understand how baselines include security controls and how to implement them.
  • Describe baseline protection and scoping and tailoring in reference to asset protection.
  • Understand the different data states and explain how to secure each.
  • Explain the difference between end-to-end and link encryption as it relates to data in motion.
  • Understand how media requires controls to protect its content.
  • Understand labeling and marking requirements of assets that have been classified.
  • Understand how the handling of media and assets that have been classified should be allowed only to those who are authorized.
  • Understand how storage, retention, and destruction of assets are dictated by classification.
  • Explain methods used to clear, purge, and destroy data.

