Chapter 5 - CISSP Domain 2 - Protecting Security of Assets
Description
HBO CISSP (ISC)2 Mind Map on Chapter 5 - CISSP Domain 2 - Protecting Security of Assets, created by Niels de Jonge on 28/01/2018.
Resource summary
Chapter 5 - CISSP Domain 2 - Protecting Security of Assets
Classifying and Labeling Assets
Defining Sensitive Data
Proprietary Data
Intellectual Property
Trade secrets
Blueprints
Privacy related
PII
PHI
Defining Classifications
Classifications Levels
Applies to Data and Hardware
Damage done when disclosed
Defining Data Security Requirements
Higher classification needs higher security
Understanding Data States
Data states: in motion, in use, at rest.
Managing Sensitive Data
To prevent unwanted disclosure
Marking / labelling to easily identify the classification
To provide a linking pin for DLP
Secure transport based on classification
Secure storage based on classification
Proper destruction when data is no longer needed
Getting rid of data remanence
Data destruction
Purging
Declassification
Sanitisation
Degaussing
Destruction
SSDs can't be erased; they need total destruction
Retaining and maintaining by record retention
Protecting Confidentiality with Cryptography
Protecting data with symmetric encryption
AES
Protecting data with transport encryption
VPN, HTTPS
Identifying Data Roles
Data Owners
Ultimately the CEO is liable for negligence
Check label and classification
System Owners
Develops and maintains Security Plan
Ensures delivery of security training
Business / Mission Owners
Owners of business processes
Ensures systems to provide business value
Data Processors
Any system used to process data
EU Data Protect: natural or legal person
EU Data Protect: restricts data transfers outside EU
US: Safe Harbor Program
7 principles; Notice, Choice, Onward Transfer, Security, Data integrity, Access, Enforcement
Admins
Granting access / assigning permissions
RBAC
Custodians
Helps protect security and integrity
Typically IT dept.
Users
Anyone using / accessing the data
Protecting Privacy
Using Security Baselines
To provide starting point with minimum security standards
GPO
Security Control Baseline
Scoping and Tailoring
Review Security Baselines
Select only logically applicable controls to a system
Selecting Standards
Selecting Security Controls within the Baseline
ISO
PCI DSS
GDPR