Asset Types Asset Classification Asset Storage Apply appropriate controls based on classification Data is more valuable than the media Asset Security Data Classification Type of Data Data Stakeholders Data Remanence Data left over after a removal and deletion process Data Destruction Scoping Portion of standards that will be applicable for organization Tailoring Customizing standards asContinue reading “Domain 2: Asset Security”
Tag Archives: isc2
Domain 1: Security and Risk Management
CIA Triad: IAAA: Accounting: The action owner logs are reviewed for violations Non-repudiation: The action owner cannot deny his/her actions Governance(Not us): Management(Us): Principle: There are 2 types of principles: Standards and Frameworks There are many security frameworks and standards available for security implementation and guidance for any organization. A few examples are Protection MethodsContinue reading “Domain 1: Security and Risk Management”
Security and Risk Management
Information Security Management Information security is the process of protecting information and information systems from the following: Unauthorized disclosure, access and use Destruction Deletion Modification Disruption Factors that impact information security Technology Platforms and tool used Network Connectivity Level of IT complexity New or emerging security tools Operational support for security Business Plan and EnvironmentContinue reading “Security and Risk Management”
