The Asset Security (Protecting Security of Assets) domain focuses on data classification, labelling, retention, ownership, and clearances. It covers the different storage devices and controls, as well as how those controls are determined, including standards, scoping and tailoring. Every organization must have data protection skills.
This domain includes day-to-day access control management, which requires managing labels and clearances. In government and the military, data is classified as Unclassified or Sensitive but Unclassified, Confidential, Secret, and Top Secret. Data in the private sector is classified as Public or Company Classified, Company Restricted and Private, Confidential, Sensitive, and
Next, it discusses information security roles and their responsibilities. These include mission or business owners, data owners and system owners, as well as custodians and users. It also discusses data remanence, which is data that persists after noninvasive means have been used to delete it.
It then covers memory types such as RAM, ROM and DRAM, as well as firmware and solid-state drives. This section also covers data destruction methods that protect against dumpster diving, such as overwriting, destruction, shredding and degaussing. Degaussing destroys the integrity of magnetic media, such as tapes or disk drives, by exposing them to strong magnetic fields. Destruction is the physical destruction of the media's integrity by destroying or damaging the media itself, such as the platters on a disk drive. The act of making data on hard copy unrecoverable is called shredding. Protecting data is vital for any organization, whether the data is in motion or at rest.
This domain also includes data security controls like certification and accreditation. It also covers standards and control frameworks, including PCI-DSS, OCTAVE, ISO 17799, the ISO 27000 series, COBIT and ITIL.
Scoping, which is the process by which an organization determines which parts of a standard are to be used, and tailoring, which is the process by which an organization customizes a standard for its use, both play an important role.
