Domain 2 Flashcards

1
Q

Classification and categorization

A
  • Military and national security communities of many nations use classification to describe the assignment of security labels
  • Other national and regional government policies use categorization to describe the assignment of security labels such as personal health information, trade secret, or proprietary
  • Across the private sector, or among those who do not do business with national governments, there is little agreement on what to call it
  • Important to focus attention on the creating, reading, updating, and deleting actions on the information asset or on the other data sets and data items it contains
  • An impact assessment should be conducted before any labels can be attached, in order to indicate their sensitivity
2
Q

Issues related to classification and categorization

A
  • It needs to be driven by the asset owner, because asset owners are in the best position to understand the value
    - The asset owner always remains accountable for protecting the value of the asset
3
Q

Data classification and categorization policy

A
  • Data classification and categorization
    - define the criteria and processes used to determine the level of information security
  • Data access - define the roles of people who can access the data
  • Data security
    - determine whether the data is generally available or restricted by default
  • data retention
  • data disposal
  • data encryption
  • appropriate use of data
4
Q

data sensitivity levels and labels

A
  • Embrace both classification (impact or loss) and categorization (grouping based on impacts or compliance needs)
  • Typical set of sensitivity levels
    - highly restricted
    - moderately restricted
    - low sensitivity
  • Data categorization labels
    - often reflect the source or nature of the security requirements that dictate their use, and do not fit into a hierarchy from most damaging to least damaging
    - examples are as follows:
      - human safety critical
      - equipment and property safety critical
      - personally identifiable information
      - private data
      - proprietary data
      - compliance data
      - time-critical data
5
Q

provision resources securely

A
  • Two life cycle models that shape the context for information security
    - IT asset management lifecycle
    - data security lifecycle
6
Q

IT asset management lifecycle

A
  • The IT asset management lifecycle centers on the activities below
    - Planning - this step should identify the IT asset, whether it is data, software, hardware, or a combination
    - Assigning security needs - helps determine the functional security requirements, but does not directly lead to choosing or implementing security controls
    - Deployment to operational use - may involve training
    - Managing the deployed assets - includes ongoing security assessments
    - Retiring the asset - addresses all aspects of disposal and destruction
  • PADURD
    - Plan
    - Acquire
    - Deploy
    - Use
    - Retire
    - Dispose
7
Q

Information asset inventory

A
  • An organization's budget is an example of an information asset
  • A system enumeration tool should identify what apps are installed, the users that have access, and the storage system where the data resides
  • Important to note that an organization has assets that are tangible or physical, but it also has intangible assets that are equally important and essential to its valuation
    - Example: both tangible and intangible assets are important to a hotel chain; the firm owns the buildings, but it also manages customer registries and records
  • Configuration management databases include information like makes, models, and serial numbers
8
Q

Data security lifecycle

A
  • Six major phases
    - creating the knowledge
    - storing or recording it
    - using the knowledge and/or modifying it
    - sharing the data with others
    - archiving the data
    - deleting the data
  • Can people use, share, archive, or dispose?
9
Q

Roles and responsibilities regarding personal data protection (GDPR)

A
  • Subject
  • Controller - held accountable for ensuring that all actions required by GDPR are completely effective
  • Processor
  • Data protection officer - acts as the interface to government supervisory agencies and offices
  • The following roles manage compliance
    - data steward - commonly responsible for data context and associated business rules
    - data custodian - responsible for the protection of the data while in their custody
    - data owner - makes the decision as to who should be allowed to access which levels