12020266
Description
Mind Map by Niels de Jonge, updated more than 1 year ago
|
Created by Niels de Jonge
almost 7 years ago
|
|
Chapter 5 - CISSP Domain 2 -
Protecting Security of Assets
- Classifying and Labeling Assets
- Defining Sensitive Data
- Proprietary Data
- Intelectual Property
- Trade secrets
- Blueprints
- Intelectual Property
- Privacy related
- PII
- PHI
- PII
- Proprietary Data
- Defining Classifications
- Classifications Levels
- Applies to Data and Hardware
- Damage done when disclosed
- Classifications Levels
- Defining Data Security Requirements
- Higher classification needs higher security
- Higher classification needs higher security
- Understanding Data States
- Data states; motion, use, rest.
- Data states; motion, use, rest.
- Managing Sensitive Data
- To prevent unwanted disclosure
- Marking / labelling to easy identify the classification
- To provide linking pin for DLP
- To provide linking pin for DLP
- Secure transport based on classification
- Secure storage based on classification
- Proper destruction when data becomes no longer needed
- Getting rid of data remanence
- Data destroyment
- Purging
- Declassification
- Sanitisation
- Degaussing
- Destruction
- SSD cant be erased, they need total destruction
- SSD cant be erased, they need total destruction
- Purging
- Getting rid of data remanence
- Retaining and maintaining by record retention
- To prevent unwanted disclosure
- Protecting Confidentiality with Cryptography
- Protecting data with symmetric encryption
- AES
- AES
- Protecting data with transport encryption
- VPN, HTTPS
- VPN, HTTPS
- Protecting data with symmetric encryption
- Defining Sensitive Data
- Identifying Data Roles
- Data Owners
- Ultimately the CEO is liable for negligence
- Check label and classification
- Ultimately the CEO is liable for negligence
- System Owners
- Develops and maintains Security Plan
- Ensures delivery of security training
- Develops and maintains Security Plan
- Business / Mission Owners
- Owners of business processes
- Ensures systems to provide business value
- Owners of business processes
- Data Processors
- Any system used to process data
- EU Data Protect: natural or legal person
- EU Data Protect: natural or legal person
- EU Data Protect: restricts data tranfers outside EU
- US: Safe Harbor Program
- 7 principles; Notice, Choice, Onward
Transfer, Security, Data integrity,
Access, Enforcement
- US: Safe Harbor Program
- Any system used to process data
- Admins
- Granting access / assigning permissions
- RBAC
- RBAC
- Granting access / assigning permissions
- Custodians
- Helps protect security and integrity
- Typically IT dept.
- Typically IT dept.
- Helps protect security and integrity
- Users
- Anyone using / accessing the data
- Anyone using / accessing the data
- Data Owners
- Protecting Privacy
- Using Security Baselines
- To provide starting point with minimum security standards
- GPO
- GPO
- Security Control Baseline
- To provide starting point with minimum security standards
- Scoping and Tailoring
- Review Security Baselines
- Select only logically applicable controls to a system
- Review Security Baselines
- Selecting Standards
- Selecting Security Controls within the Baseline
- ISO
- PCI DSS
- ISO
- Selecting Security Controls within the Baseline
- GDPR
- Using Security Baselines
Want to create your own Mind Maps for free with GoConqr? Learn more.