Asset Security Flashcards
Information Asset
Any data, device or other component of the environment that supports information or the activities of the information system
Value of the asset is given by
Owners, authorized and unauthorized users (may include cost of the responsibility or compromise of the same)
Cost of the asset
Amount it costs to acquire, develop, maintain or replace
Data States
At rest (databases, data warehouses, archives, etc.)
In motion (stream of moving data through any kind of network)
In use (data stored in a non-persistent digital state: RAM, CPU caches or registers)
Information Lifecycle
Collect
Store
Use
Share
Retain
Destroy
Data Owner
Person with the responsibility for the organization’s data (CEO, President, Head of Department)
Asset/System Owner
Person holding the asset or system that processes sensitive data. Responsible for implementing security controls.
Data Processors
Any system that processes data
Administrators
Responsible for assigning appropriate access to third parties
Custodians
Data owners delegate daily tasks to custodians. Help protect data integrity and security.
User
Has the need to access the information asset
Primary types of Data Classification
Context-based: ownership, location or other values can indicate sensitivity
Content-based: Inspecting file contents and directly identifying sensitive data
User-based: Manual assignment of data classification based on the user's understanding of the data and the classification scheme
Data Classification Process
Develop inventory of data assets
Assign correct value to each asset
Define classifications and criteria
Define appropriate safeguards for each classification
Apply classification labels
Implement protection and monitoring technologies
Training
Monitor, detect violations and enforce policies
Commercial typical classification levels
Confidential
Private
Sensitive
Public