CISSP: Domain 2 — Asset Security : Easy Notes to Pass CISSP Certification in 2024–25
OBJECTIVE
INFORMATION AND ASSET (IDENTIFY AND CLASSIFY)
ASSET LIFECYCLE
INFORMATION AND ASSET OWNERSHIP
PROTECT PRIVACY
ASSET RETENTION (EOL and EOS)
DATA SECURITY CONTROLS
INFORMATION AND ASSET HANDLING REQUIREMENTS
DATA REMANENCE
INFORMATION AND ASSET
Asset = Anything that generates value; the level of control applied to an asset is determined by its value
Q) Why is asset classification required?
Answer: So that the asset will receive an appropriate level of protection.
So: Classification (deals with access) and Categorization (deals with impact)
SENSITIVITY = Amount of damage caused by information disclosure (PII or PHI)
CRITICALITY = REVENUE-DRIVEN LOSS (disconnection of Zoom or GoToMeeting hosted in the cloud)