Domain 2: Asset Security

Question 1

Data Lifecycle *6 steps)

Answer 1

1- Collect
2- Store
3- Use
4- Share
5- Retain
6- Destroy

Question 2

Data Owner

Answer 2

Individuals responsible for dictating how and why data should be used; determines how the data must be secured (risk treatment); determines the appropriate value and classification of information generated by the owner or department; communicates Data Classification.

Question 3

Data Controller

Answer 3

Determines the purposes and means of data processing. Responsible for adhering to all principles relating to processing personal data. Negotiate privacy protections / data processing agreements.

Question 4

Data Custodian

Answer 4

Maintains the protection of data according to the information classification. Delegated by the Data Owner and is usually IT personnel.

Question 5

Digital Rights Management

Answer 5

A set of tools and processes focused on controlling the use, modification, and distribution of intellectual property (IP) throughout its lifecycle.

Question 6

Data Clearing

Answer 6

Digitally wiping or “Overwriting” data with zeroes (zeroing).

Question 7

Data Purging

Answer 7

Digital destruction of data by methods including degaussing (using a strong magnetic field to destroy data).

Question 8

Data Destruction

Answer 8

Physically destroying the media.

Question 9

Data Loss Prevention (Steps)

Answer 9

1. Discovery & Classification
2. Monitoring
3. Enforcement

Question 10

Cloud Access Security Broker - 4 Functions

Answer 10

1. Visibility – Provide insight into cloud usage
2. Data Security – Monitor & help prevent data exfiltration
3. Threat Protection
4. Compliance