2.2 Establish Information and Asset Handling Requirements Flashcards

2
Q

What are Asset Handling Requirements?

A

Clear procedures that mitigate risks like asset misplacement or handling by clearly defining proper handling of the valued asset.

3
Q

What should be included in an Asset Classification Policy to ensure valued assets are handled properly?

A

Asset Handling Requirements | Handling Procedures.

4
Q

True or False:
Asset Handling Requirements are driven by the Assets Classification and Assets Media type.

A

FALSE: Asset handling requirements should be specific to the asset classification level and ignore the media type. | Example: A CD being transported with sensitive information should follow the same handling requirements as a USB or person with sensitive information.

5
Q

Asset Owners are always accountable for the protection of assets. What two things must an owner convey regarding Asset Handling to ensure Asset Classification Policies are met?

A

Only designated individuals should have access to sensitive media | Owners must define who is authorized to access the media.

6
Q

Regarding storage of media, how should Top-Secret data be stored on a digital device?

A

With robust encryption, such as AES-256, and should be stored physically in a secure location safe from unauthorized access, high humidity, or other risks that could threaten the data.

7
Q

Regarding Media Retention and Destruction, what can influence an organization’s handling of data beyond retention and destruction in line with their personal classification procedures?

A

Auditory and Regulatory compliance frameworks. | For example, Payment Card Industry Data Security Standard (PCI DSS) dictates audit logs must be stored for no less than a year and all logs created in the last 90 days must be available for immediate analysis.

8
Q

When should credit card data be destroyed in regards to PCI DSS standards?

A

Immediately as soon as the data is no longer required for data or legal information.
