CISSP Domain #2: Asset Security
In our last two blogs, we have been explaining the Certified Information Systems Security Professional (CISSP) credential, which is highly sought after by professionals who see themselves as certified system security professionals. In the first blog, we explained the domains of CISSP, and in our second and most recent post we covered the first domain, security and risk management. In this blog post, we will explain the second domain, "Asset security", and what you need to know about it to pass the CISSP certification exam. So, without further ado, let's start.
CISSP Exam Percentage Covered By Asset Security?
Asset security, the second domain of the CISSP, covers around 13.2 percent of the total exam questions. This domain covers the principles, concepts, structure, and standards that are used to monitor and secure assets. Many people get confused when defining the term "asset" because they connect it with personal belongings.
Here, the term "asset" denotes anything that is or can be important to an organization, such as employees, stakeholders, equipment, facilities, information, etc. Among all of these, information or data is considered one of the most important assets for modern-day companies. Therefore, information that moves through the information system should be disposed of properly once it is no longer in use.
Core Concepts of Asset Security
Those who are preparing for the CISSP certification exam should understand the core concepts of asset security to secure 13.2% in the exam. The key topics covered in this domain are given below:
- Data management: Determine and maintain ownership.
- Longevity and Use: Data security for accessing, sharing, and publishing information.
- Data standards: Data storage, specification, archiving and control.
- Ensure appropriate: Personal, media, hardware, and company data retention policies.
- Data security controls: data in transit, set, tailoring, and scoping.
These are the topics that candidates need to cover in the asset security domain. You can learn about these topics in detail by acquiring this Cyber Security Training Course for Certification from ProICT Training.
What Do You Need to Know for The Exam?
Information classification
The classification level is the tag attached to essential data items that make up the organization's valuable information. The term used to classify the information is its "criticality" or "sensitivity". An organization can choose its classification levels, but the choice depends entirely on whether it is a commercial or a military agency. The levels used for commercial and military data are given below:
- Private
- Public
- Sensitive
- Confidential
- Unclassified
- Secret
- Top Secret
Data ownership
Data in transit must complete its life-cycle. Many entities play a crucial role in making the data life-cycle successful, including:
- Data owner
- The system owner
- The data custodian
- The security administrator
- The supervisor or manager
- The users
Retention policies
Data Retention
Data protection requires that sensitive data, once processed for a particular purpose, should not be preserved for an extended time. Unfortunately, there is no specific period for which organizations can retain the data, and the legal requirements can vary from one business to another. Still, every organization should closely follow its data retention policy when transmitting the data.
That's it for today; we will discuss this domain further in the next blog post. Until then, stay tuned and read our other related posts. For further information, feel free to visit ProICT Training.