Domain 2

Question 1

Asset

Answer 1

An asset is any data, device, or other component of the environment that supports information or information system related activities.

Question 2

The value of an Asset

Answer 2

The value of an asset is the worth of the asset to the owners, authorized users, and unauthorized users.
- Asset value can include the cost of liability or compromise.

Question 3

The cost of an asset

Answer 3

The cost of an asset is the monetary value it takes to acquire, develop, maintain, or replace it.

Question 4

Asset Classification purpose

Answer 4

The purpose of asset classification is to ensure that assets are properly identified and protected throughout their life-cycles.
Asset classifications inform handling instructions, control decisions, audit score, and regulatory compliance activity.
- Information assets are generally classified by content.
- Infrastructure and physical assets are generally classified by operational criticality.

Question 5

Data Classification Schemas

Answer 5

• Government and Military

- Classifications for the private sector.

Question 6

FIPS 199

Answer 6

Federal Information Processing Standard 199 (FIPS 199) requires that information and information systems be categorized as low, medium, or high security based upon confidentiality, integrity, and availability.

Question 7

Government / Military Data Classifications.

Answer 7

• Top Secret (TS): Expected to cause exceptionally grave danger to national Security.
• Secret (S): Expected to cause serious damage to national security.
• Confidential: Expected to cause damage to national security.
• Unclassified: No threat to national interest.

Question 8

Sensitive but Unclassified (SBU)

Answer 8

US federal agencies use the Sensitive byt Unclassified (SBU) designation when information is not classified but still needs to be protected and requires strict controls over its distribution.

Question 9

Information System Asset

Answer 9

An information system asset is any data, device, or other component of the environment that supports information or information systems related activities.
- Information and information system assets should be assigned an owner and a custodian.

Question 10

Asset Ownership Responsibilities

Answer 10

• Defining the asset.
• Assigning Value (AV).
• Classifying the asset.
• Confirming the level of protection required.
• Authorizing access rights and permissions.
• Authorizing disclosure.
• Ongoing governance.

Question 11

Asset Custodian Responsibilities.

Answer 11

• Implementing protection mechanisms.
• Monitoring for problems or violations.
• Reporting suspected incident.

Question 12

Asset Management

Answer 12

Asset Management is a set of activities that focus on th protection, accounting and integrity of infrastructure and physical:
Asset Management = Classification + Inventory + Configuration Management.

Question 13

Inventory Management

Answer 13

Inventory Management is a set of policies, standards, and procedures used to maintain optimum inventory levels, track assets, and schedule replacements. Benefits:

• Tracking.
• Providing context for vulnerability and patch management.

Question 14

Software Asset Management (SAM)

Answer 14

Software Asset Management (SAM) is the practice of managing the life-cycle of software assets within an organization. The two significant benefits of the SAM program are control and risk reduction.

Question 15

Configuration Management (CM)

Answer 15

Configuration Management (CM) is a set of activities focused on establishing and maintaining the integrity of systems through control of the processes of initializing, changing, and monitoring the configurations.

Question 16

Baseline Configuration.

Answer 16

A Baseline Configuration (BC) is a set of specifications for a configuration item (CI), that has been reviewed and agreed on (authorized), and which can be changed only through change control procedures.

Question 17

Configuration Management

Answer 17

• Research | Plan.
• Approve Baseline Configuration.
• Assign CM version and update library.
• Implement.
• Configuration Changes.
• Monitor.
• Report.
• Repeat.

Question 18

Commonly used privacy framework

Answer 18

OECD Privacy Principles.

Question 19

Privacy Threshold Assessment

Answer 19

Used by organizations to identity PI and determine how to treat the data.

Question 20

Information Life-Cycle.

Answer 20

• Collection.
• Use
• Retention / Archiving
• Deletion / Destruction

Question 21

Information Retention

Answer 21

Retention is a protocol (set of Rules) within an organization that dictates types of unaltered data that must be kept and for how long.
- Data retention strategies must be aligned with business and legal requirements

Question 22

Data Archiving

Answer 22

Data Archiving is the process of securely storing unaltered data for later potential retrieval.

Question 23

Legal Hold

Answer 23

A legal hold is the requirement for a organization to preserve all forms of relevant information when litigation, audit, or government, investigation is reasonably anticipated. The objective is to avoid evidence spoliation.

Question 24

eDiscovery

Answer 24

eDiscovery (also called electronic discovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal or criminal legal case.

Question 25

Data Deletion

Answer 25

When a file is deleted, the corresponding entry in the Master File Table (MFT) is removed and the MFT entry is marked as ready to be re-used. The data for the file is separate from the MFT entry.

Question 26

Data Remanence

Answer 26

Data Remanence is the residual representation of digital data that remains even after attempts have been made to delete or erase the data.

Question 27

Secure Deletion

Answer 27

Secure Deletion ensures that the deleted file or file fragments cannot be retrieved and/or reconstructed.

Question 28

Clearing

Answer 28

Clearing removes the data in such a way that data cannot be recovered using normal system functions of recovery utilities.

Question 29

Purging

Answer 29

Purging, which is the removal of data that cannot be reconstructed by any known technique.

Question 30

Destruction

Answer 30

Destruction, which is the physical act of destroying media in such a way that cannot be reconstructed.

Question 31

Disk Wiping

Answer 31

Disk Wiping is a clearing technique that overwrites all addressable storage and indexing locations multiple times.

Question 32

Degaussing

Answer 32

Degaussing is a purging technique that requires a machine or wand that produces a strong electromagnetic field which destroys all magnetically recorded data.

Question 33

Destruction

Answer 33

Destruction is the physical act of destroying media in such as way that it cannot be reconstructed.

• Shredding: physically breaking media to pieces.
• Pulverizing: reducing media to dust.
• Pulp: Chemically altering media.
• Burning: Incinerating media.

Question 34

Certificate of Destruction

Answer 34

Certificate of Destruction is issued by commercial services upon destruction of media (for example paper, CD/DVD, tape, and drives). The certificate should at a minimum include:
- Data of destruction.
- Description of media (including serial number, if appropriate)
- Method of destruction.
Witnesses.
- Company name.

Question 35

Data Management

Answer 35

Data Management is defined as the planning and execution of policies and practices that protect and, when possible, enhance the value of data throughout its life-cycle

Question 36

Data Ownership

Answer 36

Data Ownership refers to the responsibility for information which includes decisions pertaining to , and oversight of, classification, controls, access, and authorization throughout the data life-cycle.

Question 37

Scoping

Answer 37

Scoping instructs an organization how to apply and implement security controls (baselines)

Question 38

Tailoring

Answer 38

Tailoring allows an organization to align common security controls within specific objectives.

Question 39

Data Obfuscation

Answer 39

Data obfuscation is the act of making a data set difficult to find or understand.

Question 40

Data Loss Prevention (DLP)

Answer 40

Data Loss Prevention (DLP) automated tools are designed to detect and prevent data exfiltration (unauthorized release or removal of data)

Question 41

How DLP Technology work?

Answer 41

• DLP technologies locate and catalogue data based on a predetermined set of handling standards.
• DLP tools monitor target data while in use, in motion, and at rest.

Question 42

Possible DLP Implementations

Answer 42

• Network-Based (on premise)
• Storage Based
• Endpoint based.
• Cloud-based (off-premise)

Question 43

Labeling

Answer 43

Labeling is the vehicle for communicating the assigned classification to custodian, users, and applications.
- Labels make it easy to identify the data classification.
- Labels can take many forms: electronic, print, audio, or visual.
- Labels should be appropriate for the intended audience.
_ Labels transcend institutional knowledge and provide stability in environments that experience personnel turnover

Question 44

Term given to the unauthorized release or removal of data.

Answer 44

Exfiltration

Question 45

Handling standards are generally organized by?

Answer 45

Classification Level

Question 46

These assets inventory applications is used to discover and document devices and characteristics such as services, users, and groups.

Answer 46

Enumeration Tools.

Question 47

This type of assessment is used to identify personal information that has been acquired by the organization and to determine how to treat the data.

Answer 47

Privacy threshold assessment