Assets Flashcards
An Asset by definition…
Anything worth to an organization. This includes people, partners, equipment, facilities, reputation, and information.
Primary Purpose of Data Classification is to…
Indicate the level of confidentiality, integrity, and availability protection that is required for each type of data set.
IT Asset Life Cycle
- Business Case
- Create or Acquire
- Operate and Maintain
- Replace or Dispose
ISO for consistent approach to Supply Chain
ISO 28000:2007
Steps to Decommissioning an Asset
- Decommission only within the change management process
- Ensure that the asset is no longer in use
- Review that impact on data retention
- Securely wipe any data on the asset
- Safely dispose of the hardware
Life of data into 6 phases
- Acquisition
- Storage
- Use
- Sharing
- Archival
- Destruction
Some countries have ________ laws that require certain type of data to be stored and processed in that country.
Data Localization Law
Other Countries have enacted __________ laws that stipulate that anyone who stores or process certain types of data (typically personal data of their citizens), whether or not they do so locally, must comply with those countries’ laws
Data Sovereignty laws
Electronically stored information (ESI) or E-Discovery is ….
The process of producing for a court or external attorney all ESI pertinent to a legal proceeding.
NIST SP 800-88 Revision 1
Guidelines for Media Sanitization
Four ways eliminating data remnanence
- Overwriting
- Degaussing
- Encryption
- Physical Destruction