Domain 2: Asset Security – Weightage 10% 2018

The Asset Security (Protecting Security of Assets), domain focuses on data classification, labelling, retention, ownership, and clearances. It covers the different storage devices and controls, as well as their determination, including standards, scoping and tailoring. Every organization must have data protection skills.
This domain is responsible for the day-to-day management and management of access control.
Formal access approval and the need to know. The data is classified in Government and Military.
Unclassified, sensitive, but not classified, Confidential and Secret. Data in the Private Sector is classified as Public or Company Classified, Company Restricted and Private, Confidential, Sensitive, and Private.
Next, it discusses information security roles and their responsibilities. These include mission or business owners, data owners and system owners, custodians and users, as well as data owners and system owners. It also discusses data remanence, which is data that remains after non-invasive means of deleting it.
It then covers memory types such as RAM, RAM, ROM and DRAM as well as Firmware and Solid state drives. This section also covers data destruction methods to avoid dumpster diving, such as overwriting, destruction, destruction, and shredding.
By exposing magnetic media to strong magnetic fields, degaussing damages the integrity of magnetic media, such as tapes or disk drives. Destruction is a physical destruction of media’s integrity by destroying or damaging the media itself, such the platters on a disk drive. The act of making data on hard copy unrecoverable is called shredding. Protecting data is vital for any organization, whether it is in motion or at rest.
This domain also includes data security controls like certification and accreditation. These standards and control frameworks also include PCI-DSS and Octave, ISO 17799, ISO 27000 Series, COBIT and ITIL.
Scoping, which is the process by which an organization determines which parts of a standard are to be used, and Tailoring, which is the process by which an organization customizes a standard for its use, play an important role.