Domain #2: Asset Security

Question 1

What is an “Asset”?

Answer 1

An asset is, anything of worth to an organization. This includes people,
partners, equipment, facilities, reputation, and information

Question 2

Information Life Cycle

Answer 2

*Acquisition
*Store
*Use
*Share
*Archival
*Disposal

Question 3

Commercial/Private Information
Classification:

Answer 3

*Confidential
*Private
*Sensitive
*Public

Question 4

Military Information Classification

Answer 4

*Top Secret
*Secret
*Confidential
*Sensitive but unclassified
*Unclassified

Question 5

Data Classification Procedure/Steps

Answer 5

1. Define classification levels
2. Criteria for how data is classified
3. Data owner should classify under their responsibility
4. Identify data custodian who will maintain data and security
5. Indicate security controls or protection for each classification
6. Document any exceptions
7. Indicate process for transferring ownership to different custodian
8. Define procedure for declassifying data
9. Integrate in security awareness training program

Question 6

What are the responsibilities of the CEO?

Answer 6

*CEO – Chief Executive Officer
*Day-to-day management of entire organization
*Often Chairperson of the Board of Directors and is highest
ranking officer in company
*Oversees companies finances, budget, strategic vision, business
plan
*Decides on partnerships with other vendors
*Decides how company will differentiate itself from its competitors

Question 7

What are the responsibilities of CFO?

Answer 7

*CFO – Chief Financial Officer
*Day-to-day account and financial activities
*Responsible for overall financial structure
*Determines companies current and future financial needs
*Maintains company capital structure
*Equity, Cash, Credit, Debt
*Oversees budget and financial performance metrics
*Responsible for filing financial statements to regulatory bodies

Question 8

What are the responsibilities of CPO?

Answer 8

*CPO – Chief Privacy Officer
*Reports to Chief Security Officer
*Newer position
*Oversee appropriate handling and usage of data
*Familiar with outside regulations
and market specific legal requirements
*Usually an attorney by training

Question 9

What are the responsibilities of CSO?

Answer 9

CSO – Chief Security Officer
*Responsible for understanding company specific risks and processes used to mitigate these risks
*Must understand business drivers
*Responsible for maintaining company Security Program
*Responsible for compliance with applicable regulations and laws
*Ensures Business is NOT interrupted in any way

Question 10

What are the responsibilities of CISO?

Answer 10

*Chief Information Security Officer
*Must have a strong understanding of business processes and objectives
*Ability to communicate effectively with upper management
*Understand legal regulations and security frameworks
*Develop and maintain security awareness programs
*Develop security budget and report to Board of Directors or upper management
*Respond to security incident or breach

Question 11

Internal and external labeling of each piece of media in the library should include

Answer 11

*Date created
*Retention period
*Classification level
*Who created it
*Date to be destroyed
*Name and version

Question 12

What aimed at preventing the loss of sensitive information?

Answer 12

Data leak prevention (DLP) aimed at preventing the loss of sensitive information