Domain 2: Asset Security Flashcards

Familiarize yourself with terminology for asset classification, data handling, and privacy protection.

1
Q

Define:

Arbitration

A

The process in data transmission that determines which device has control over a communication line at any given time to prevent data collisions on shared networks.

In the context of data transmission, arbitration is the process used to determine which device has control over the communication line at any given time. In a network where multiple devices may need to transmit data simultaneously, an arbitration mechanism ensures that only one device transmits at a time to avoid data collisions. This process is particularly crucial in bus networks or other shared-medium networks where the possibility of data collision is high.

2
Q

Define:

ASCII

A

The American Standard Code for Information Interchange, a character encoding standard assigning unique 7-bit binary numbers to represent text in computers.

ASCII, or the American Standard Code for Information Interchange, is a character encoding standard used to represent text in computers and other devices that use text. Each letter, digit, or symbol is assigned a unique 7-bit binary number. ASCII is foundational for many protocols and data manipulation processes, and understanding its role can be crucial in tasks such as data forensics and network traffic analysis.

Or visit this Wikipedia page.

3
Q

Define:

Asset

A

Any valuable component within an environment, tangible such as hardware or intangible like data, that supports information-related activities and requires protection.

An asset, in the context of security, is any data, device, or other component of the environment that supports information-related activities. Assets generally hold value for an organization and can be tangible, such as a server or a workstation, or intangible, such as proprietary data or intellectual property. The protection of these assets is the primary focus of security strategies.

For more information, view this lecture on External dependencies in BIA. Or visit this Wikipedia page.

4
Q

Define:

Asset Inventory

A

A comprehensive list of an organization’s assets, including hardware, software, and other resources, crucial for effective vulnerability and incident management.

A comprehensive list or record of an organization’s assets. It includes all types of assets, like hardware, software, data, and other resources, detailing their configuration, location, and ownership. Regularly updating and maintaining the asset inventory is key for effective vulnerability management, incident response, and overall risk management.

For more information, view this lecture on BIA (Business Impact Analysis). Or visit this Wikipedia page.
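As an added Python example (not part of the original card), the reconciliation below compares an inventory of record with what a network scan actually found, since the vulnerability-management value of an inventory lies in exposing the gaps between the two: a live host with no record is never scanned or patched, and a record with no owner has nobody to assign a finding to. The asset records, the scan results and the 90-day staleness threshold are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Asset:
    hostname: str
    ip: str
    owner: str                # accountable owner; empty string means nobody is accountable
    last_verified_days: int   # days since the record was last confirmed against reality


# Constructed sample data: the inventory of record (CMDB) and the IPs that answered a scan.
CMDB: List[Asset] = [
    Asset("web-01", "10.0.1.10", "platform-team", 3),
    Asset("db-01", "10.0.2.20", "data-team", 7),
    Asset("legacy-fax", "10.0.9.9", "", 400),
    Asset("jump-02", "10.0.3.5", "platform-team", 12),
]
SCAN_RESULTS: Set[str] = {"10.0.1.10", "10.0.2.20", "10.0.1.77"}   # 10.0.1.77 is in no record


def reconcile(cmdb: Iterable[Asset], scanned_ips: Set[str],
              stale_after_days: int = 90) -> Dict[str, List[str]]:
    """Compare the inventory with what is actually on the network.

    unmanaged:   live hosts with no record (shadow assets: nobody patches them)
    unreachable: recorded hosts the scan did not see (decommissioned, or scan scope is wrong)
    stale:       records nobody has confirmed within the review period
    unowned:     records with no accountable owner, so no one to assign a vulnerability to
    """
    by_ip = {a.ip: a for a in cmdb}
    return {
        "unmanaged": sorted(scanned_ips - set(by_ip)),
        "unreachable": sorted(a.hostname for ip, a in by_ip.items() if ip not in scanned_ips),
        "stale": sorted(a.hostname for a in by_ip.values()
                        if a.last_verified_days > stale_after_days),
        "unowned": sorted(a.hostname for a in by_ip.values() if not a.owner),
    }


if __name__ == "__main__":
    for category, items in reconcile(CMDB, SCAN_RESULTS).items():
        print(f"{category:12s} {items}")
```

Each of the four buckets is a separate follow-up: unmanaged hosts get onboarded (or removed from the network), unreachable records get decommissioned or the scan scope is widened, and stale or unowned records go back to the business for confirmation before the next vulnerability cycle.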

5
Q

Define:

Asset Security

A

The protective measures and strategies implemented to safeguard an organization’s assets, both physical and digital, to ensure their secure and continuous operation.

The practice of safeguarding an organization’s assets, which encompasses both physical and digital forms, to prevent unauthorized access, theft, and damage. This involves implementing security controls like access management, encryption, physical security measures, and regular security audits to ensure the confidentiality, integrity, and availability of assets.

6
Q

Define:

Backup Tapes

A

Backup tapes are magnetic storage media used to archive and recover large volumes of data, supporting business continuity and compliance with retention policies.

Organizations rely on backup tapes for cost-effective, offsite data storage, safeguarding critical information from hardware failures, ransomware, or accidental deletions. Because tapes routinely leave the building, they should be encrypted and tracked under a chain of custody: an unencrypted tape lost in transit is a data breach in its own right. They are typically stored in secure facilities, protecting them from physical or environmental hazards. While restoration is slower than from disk-based systems, tapes remain a trusted medium for long-term archival and for offline copies that ransomware cannot reach, which keeps them a staple of disaster recovery strategies.

For more information, view this lecture on Data Handling, Data Storage, and Data Retention. Or visit this Wikipedia page.

7
Q

Define:

Cache Memory

A

A type of computer memory storing frequently accessed data for quick retrieval, improving system performance, but requiring careful management to prevent side-channel attacks.

A type of computer memory that temporarily stores frequently used data for quick access. By leveraging cache memory, a system can significantly improve its performance and efficiency, as fetching data from the cache (located close to the processor) is faster than obtaining it from primary memory locations. Cache memory management is essential to avoid possible vulnerabilities, such as cache-based side-channel attacks.

For more information, view this lecture on Memory and Data Remanence. Or visit this Wikipedia page.

8
Q

Define:

Cell

A

A fundamental unit of data storage in a grid within databases or spreadsheets, holding data pieces like text, numbers, or formulas, requiring proper management for data security.

In the context of computer systems, a cell is a fundamental unit of data storage, often found in a grid within a database or a spreadsheet. Each cell is identified by its unique address, resulting from the combination of its corresponding row and column labels, and can hold a piece of data such as a text string, a number, or a formula. Proper cell management, including access controls and data encryption, is crucial to prevent unauthorized data access or manipulation, ensuring data integrity and confidentiality.

Or visit this Wikipedia page.

9
Q

Define:

Cell Suppression

A

A data protection technique in statistical databases that withholds certain cells to ensure the privacy of sensitive information, preventing disclosure and re-identification.

A data protection technique used in statistical databases to ensure the privacy and confidentiality of sensitive information. By intentionally withholding (suppressing) the publication of certain data cells (individual entries or values) in a released table, this method prevents the disclosure of information that could be used to identify individuals or confidential attributes, especially in tables with small cell counts. Cell suppression is a form of data anonymization aimed at reducing the risk of re-identification in datasets that are shared or published for research, analysis, or public use.

Or visit this Wikipedia page.
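As an added worked example (not part of the original card), the following Python performs primary suppression of small cells and then complementary suppression, which is needed because the published row and column totals would otherwise let a reader recover a single hidden cell by subtraction. The clinic-by-diagnosis table, the threshold of 3 and the labels are constructed for the example.

```python
from typing import List, Optional

Table = List[List[int]]
Mask = List[List[bool]]

THRESHOLD = 3   # counts in 1..THRESHOLD-1 are treated as disclosive (assumed rule)


def primary_suppression(table: Table) -> Mask:
    """Mark every small, non-zero cell (a zero cell identifies nobody)."""
    return [[0 < v < THRESHOLD for v in row] for row in table]


def _choose_complement(values: List[int], hidden: List[bool],
                       cross_hidden_count: List[int]) -> Optional[int]:
    """Pick an unhidden cell to sacrifice in a line (row or column) that has exactly
    one hidden cell. Prefer a cell whose crossing line also has exactly one hidden
    cell, so a single extra suppression repairs both; otherwise take the smallest
    positive value so as little information as possible is lost."""
    candidates = [i for i, h in enumerate(hidden) if not h]
    if not candidates:
        return None
    return min(candidates,
               key=lambda i: (cross_hidden_count[i] != 1, values[i] == 0, values[i]))


def complementary_suppression(table: Table, mask: Mask) -> Mask:
    """Add secondary suppressions until no row or column total can be used to recover
    a hidden cell: a line with exactly one hidden cell is trivially recoverable as
    total - sum(visible cells)."""
    mask = [row[:] for row in mask]
    n_rows, n_cols = len(table), len(table[0])
    changed = True
    while changed:
        changed = False
        col_hidden = [sum(mask[r][c] for r in range(n_rows)) for c in range(n_cols)]
        for r in range(n_rows):
            if sum(mask[r]) == 1:
                c = _choose_complement(table[r], mask[r], col_hidden)
                if c is not None:
                    mask[r][c] = True
                    col_hidden[c] += 1
                    changed = True
        row_hidden = [sum(mask[r]) for r in range(n_rows)]
        for c in range(n_cols):
            col_mask = [mask[r][c] for r in range(n_rows)]
            if sum(col_mask) == 1:
                r = _choose_complement([table[r][c] for r in range(n_rows)], col_mask, row_hidden)
                if r is not None:
                    mask[r][c] = True
                    row_hidden[r] += 1
                    changed = True
    return mask


def is_protected(mask: Mask) -> bool:
    """Safety check: no row or column may have exactly one hidden cell."""
    return all(sum(row) != 1 for row in mask) and all(sum(col) != 1 for col in zip(*mask))


def suppress(table: Table) -> Mask:
    return complementary_suppression(table, primary_suppression(table))


def publish(table: Table, mask: Mask, row_labels: List[str], col_labels: List[str]) -> List[List[str]]:
    """Render the release: '*' for suppressed cells, true marginal totals appended."""
    out = [["", *col_labels, "Total"]]
    for label, row, m in zip(row_labels, table, mask):
        out.append([label, *("*" if h else str(v) for v, h in zip(row, m)), str(sum(row))])
    col_totals = [sum(col) for col in zip(*table)]
    out.append(["Total", *map(str, col_totals), str(sum(col_totals))])
    return out


# Constructed sample: patients per clinic (rows) and diagnosis (columns).
SAMPLE: Table = [[12, 2, 9], [20, 15, 4], [8, 7, 11]]
ROWS, COLS = ["Clinic A", "Clinic B", "Clinic C"], ["Dx X", "Dx Y", "Dx Z"]

if __name__ == "__main__":
    for line in publish(SAMPLE, suppress(SAMPLE), ROWS, COLS):
        print("\t".join(line))
```

The single primary suppression of the count 2 forces three complementary suppressions before the table is safe. Complementary suppression prevents exact recovery; a determined reader can still bound a hidden cell by solving the linear constraints the totals impose (interval disclosure), which is why production statistical disclosure control tools select complementary cells by optimisation and audit the resulting bounds before release.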

10
Q

Define:

Certification Of Systems

A

Evaluating a system against criteria or standards to ensure it meets requirements for quality, performance, and security, often involving testing and review.

The formal process by which a system is evaluated against predefined criteria or standards to ensure it meets certain requirements related to quality, performance, and security. System certification often involves rigorous testing, analysis, and review by independent assessors or certifying bodies. In the context of IT and cybersecurity, certification might assess a system’s compliance with security standards, such as ISO/IEC 27001, Common Criteria (ISO/IEC 15408), or NIST frameworks. Achieving certification typically signals that a system is reliable, secure, and trustworthy, and it can be a critical factor for businesses that prioritize data protection and wish to ensure the confidentiality, integrity, and availability of their information systems.

For more information, view this lecture on Data Security Frameworks. Or visit this Wikipedia page.

11
Q

Define:

Classification

A

The process of categorizing data based on sensitivity and criticality to apply appropriate security controls.

The process of categorizing data based on its level of sensitivity, value, and criticality. Data can be classified into different categories, such as public, internal, confidential, or highly confidential. The aim of classification is to apply appropriate security controls to safeguard the data. The level of security and access controls implemented is determined by the data’s classification.

For more information, view this lecture on Data Classification and Clearance. Or visit this Wikipedia page.

12
Q

Define:

Classified

A

Data assigned a classification level due to its sensitivity, with access restricted to authorized individuals with necessary clearance.

Data or information that has been given a specific classification level based on its sensitivity and the potential impact on an organization or a nation should it be disclosed without authorization. Common classifications include confidential, secret, and top secret. Access to classified information is typically restricted to individuals who have the necessary clearance level and a legitimate need to know.

For more information, view this lecture on Data Classification and Clearance. Or visit this Wikipedia page.

13
Q

Define:

Classified Information Spillage

A

An event where classified data is exposed on systems not accredited to handle such classification, leading to potential unauthorized access.

An event where information that has been classified is transferred, processed, or stored on a system that is not accredited or authorized to handle data of such classification level. The spillage could occur accidentally or deliberately, and it poses a significant risk because it may lead to unauthorized disclosure of sensitive or classified information. Measures are taken in organizations to prevent such spillages and to manage them effectively when they occur.

Or visit this Wikipedia page.

14
Q

Define:

Clearance

A

Authorization granted to an individual to access certain classified information or areas, following a background assessment.

The authorization given to an individual, allowing them to access certain classified information or areas. This process involves a thorough assessment of the individual’s background, including past conduct, trustworthiness, and loyalty to their nation. The clearance level required depends on the sensitivity of the information that the individual needs to access.

For more information, view this lecture on Data Classification and Clearance. For more information, view this lecture on Type 2 authentication - “Something you have” or “Possession factors”. Or visit this Wikipedia page.

15
Q

Define:

Clearance Level

A

The authorized level of access to classified information, based on an individual’s background check and the information’s sensitivity.

This denotes the degree to which an individual may access classified data or secure areas. There are several levels of clearance, which can vary depending on the organization or country but generally include levels such as Confidential, Secret, and Top Secret. The higher the clearance level, the more sensitive the information the individual can access. To receive a specific clearance level, an individual must undergo a background investigation to assess their trustworthiness and reliability.

For more information, view this lecture on Data Classification and Clearance. Or visit this Wikipedia page.

16
Q

Define:

Cloud Access Security Broker

(CASB)

A

A gatekeeper service extending security policies to cloud services, controlling access, and protecting data in the cloud.

A service that acts as a gatekeeper, allowing organizations to extend their security policies beyond their own infrastructure to cloud services. It sits between the cloud service user and cloud applications, either inline as a forward or reverse proxy or out of band through the cloud provider's APIs, and enforces policies such as authentication and single sign-on, data loss prevention, encryption or tokenization of stored data, and malware detection. By providing visibility into which cloud applications are in use (including unsanctioned "shadow IT") and control over how data flows to them, CASBs help organizations maintain compliance and protect data in the cloud.

For more information, view this lecture on Data Protection. Or visit this Wikipedia page.

17
Q

Define:

Cryptographic Erasure

A

Sanitizing encrypted storage by destroying the encryption key, so the ciphertext left on the device can no longer be decrypted.

A method of data sanitization that relies on the data having been encrypted before it was written to the medium. Rather than overwriting the data, the key (or keys) needed to decrypt it are securely destroyed; without the key, the ciphertext that remains on the device is computationally infeasible to recover. NIST SP 800-88 recognizes cryptographic erase as a sanitization technique, for example on self-encrypting drives, with three caveats: the encryption must have covered all of the target data, the key must be strong and properly managed, and every copy of the key (including escrowed or backed-up copies) must be destroyed. It is particularly useful where physical destruction or full overwriting of the device is impractical, such as cloud storage or large SSDs, where software overwriting cannot reach every flash cell.

For more information, view this lecture on Data Remanence and Destruction. Or visit this Wikipedia page.
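To make the key-destruction model concrete, here is an added Python example (not from the original card) of a simulated self-encrypting volume: data is encrypted under a data-encryption key (DEK) that is stored only in wrapped form under a key-encryption key (KEK) held elsewhere, and crypto-erase destroys the wrapped key record while leaving the ciphertext on the media. It also shows the classic failure: a retained copy of the key record undoes the erasure. HMAC-SHA256 in counter mode stands in for AES so the example runs on the standard library; the key hierarchy, nonce layout and sample record are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher using HMAC-SHA256 as the block PRF. It stands in for
    the AES-XTS/AES-CTR a real self-encrypting drive uses so that this runs on the
    standard library; encryption and decryption are the same operation."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class EncryptedVolume:
    """Simulated self-encrypting storage. Every sector is encrypted under a per-volume
    DEK. The DEK is never stored in the clear: it sits on the medium wrapped (encrypted
    and authenticated) under a KEK that lives elsewhere, e.g. in a TPM, HSM or KMS.
    (Rewriting a sector reuses keystream in this toy cipher; real drives use XTS.)"""

    def __init__(self, kek: bytes) -> None:
        self.media: Dict[int, bytes] = {}        # sector -> ciphertext (what a forensic image sees)
        self.volume_nonce = secrets.token_bytes(16)
        dek = secrets.token_bytes(32)
        wrap_nonce = secrets.token_bytes(16)
        wrapped = keystream_xor(kek, wrap_nonce, dek)
        tag = hmac.new(kek, wrap_nonce + wrapped, hashlib.sha256).digest()
        self.key_record: Optional[Tuple[bytes, bytes, bytes]] = (wrap_nonce, wrapped, tag)

    def _unlock(self, kek: bytes) -> bytes:
        """Unwrap the DEK. Fails closed if the key record is gone or the KEK is wrong."""
        if self.key_record is None:
            raise PermissionError("volume is cryptographically erased: no DEK to unwrap")
        wrap_nonce, wrapped, tag = self.key_record
        expected = hmac.new(kek, wrap_nonce + wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("wrong KEK or tampered key record")
        return keystream_xor(kek, wrap_nonce, wrapped)

    def _sector_nonce(self, sector: int) -> bytes:
        return self.volume_nonce + sector.to_bytes(8, "big")

    def write(self, kek: bytes, sector: int, plaintext: bytes) -> None:
        self.media[sector] = keystream_xor(self._unlock(kek), self._sector_nonce(sector), plaintext)

    def read(self, kek: bytes, sector: int) -> bytes:
        return keystream_xor(self._unlock(kek), self._sector_nonce(sector), self.media[sector])

    def crypto_erase(self) -> None:
        """Sanitize by destroying the only copy of the (wrapped) DEK. The ciphertext is
        deliberately left on the media: without the key it is indistinguishable from noise."""
        self.key_record = None


def demo() -> Dict[str, bool]:
    kek = secrets.token_bytes(32)                 # assumed to be held outside the device (HSM/KMS)
    vol = EncryptedVolume(kek)
    record = b"ACCOUNT 4111111111111111 SSN 123-45-6789"   # constructed sample data
    vol.write(kek, 7, record)
    readable_before = vol.read(kek, 7) == record

    escrow_copy = vol.key_record                  # a key backup somebody kept "just in case"
    vol.crypto_erase()
    try:
        vol.read(kek, 7)
        readable_after = True
    except PermissionError:
        readable_after = False

    # The caveat: erasure is only as good as the destruction of *every* key copy.
    vol.key_record = escrow_copy
    defeated_by_backup = vol.read(kek, 7) == record
    return {
        "readable_before": readable_before,
        "readable_after": readable_after,
        "ciphertext_still_on_media": 7 in vol.media and record not in vol.media[7],
        "erase_defeated_by_key_backup": defeated_by_backup,
    }
```

The practical check before relying on cryptographic erase is to enumerate every place the DEK or the KEK could exist (the drive's firmware key store, KMS backups, escrow, memory dumps, the wrapped record copied into a disk image) and confirm that each is destroyed or never existed; otherwise the "erased" media is one key restore away from readable.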

18
Q

Define:

CYOD

(Choose Your Device)

A

CYOD is a mobile device strategy allowing employees to choose from a company-approved list of equipment, balancing personal preference and organizational security.

Unlike BYOD, where individuals use their own devices, CYOD limits models and operating systems to mitigate security risks. IT departments pre-configure approved hardware with necessary policies and software, ensuring easier maintenance and uniform management. This arrangement offers user autonomy, reduces compatibility issues, and helps protect sensitive data. Effective CYOD policies streamline device provisioning while maintaining compliance and operational control.

Or visit this Wikipedia page.

19
Q

Define:

Data at Rest

A

Inactive data stored in any digital form, such as databases or backups, requiring encryption and access controls for protection.

Refers to inactive data that is stored physically in any digital form, such as databases, data warehouses, spreadsheets, archives, tapes, or off-site backups. It contrasts with data in transit or data in use. Protecting data at rest typically involves encryption and access controls to mitigate the risk of unauthorized access or data breaches.

For more information, view this lecture on The 3 States of Data (data at rest, data in motion, and data in use). For more information, view this lecture on The CIA Triad- Part 1- Confidentiality, Integrity, and Availability. Or visit this Wikipedia page.

20
Q

Define:

Data Classification

A

Organizing data into categories for efficient use, applying controls based on sensitivity to manage risk and ensure secure handling.

The process of organizing data into categories for its most effective and efficient use. Classification helps manage risk by applying appropriate controls based on the sensitivity and value of the data. It typically involves categorizing data as public, internal, confidential, or secret to guide users on how to handle and secure it. Proper classification is crucial for compliance, data security, and minimizing the risk of data breaches.

For more information, view this lecture on Data Classification and Clearance. Or visit this Wikipedia page.

21
Q

Define:

Data Classification Scheme

A

A framework categorizing data based on sensitivity, importance, and legal requirements, guiding protective measures.

A structured framework used to categorize data based on its level of sensitivity, importance, and legal obligations. Such schemes allow organizations to effectively manage and protect their data by setting rules for access, storage, and transfer and ensuring that adequate protective measures are applied consistently throughout the organization’s data ecosystem.

For more information, view this lecture on Data Classification and Clearance. Or visit this Wikipedia page.

22
Q

Define:

Data Contamination

A

The introduction of erroneous or irrelevant information into a system, leading to inaccuracy and potential security risks.

The process by which data becomes corrupt or tainted due to the introduction of erroneous, misleading, or irrelevant information. This can happen through human error, data integration issues, or malicious activity, such as a cyber-attack. Contaminated data can lead to inaccurate analyses, misguided business decisions, or compromised machine learning models (training-data poisoning is contamination done deliberately). In cybersecurity, it is essential to maintain the integrity of data by implementing controls that prevent contamination, such as input validation, data sanitization processes, and activity monitoring, so that contamination incidents are detected and mitigated quickly.

23
Q

Define:

Data Controller

A

An entity determining the purposes and means of personal data processing, with legal obligations for data handling and protection.

An individual, organization, or entity that determines the purposes and means of processing personal data. In the context of privacy laws, such as the GDPR, data controllers have specific legal obligations regarding the handling of data, including ensuring its protection and privacy, responding to data subjects' rights requests, and reporting data breaches. They are distinct from data processors, who process personal data on behalf of a data controller.

For more information, view this lecture on Mission, Data, System Owners, and Data Custodians.

24
Q

Define:

Data Custodian

A

A party responsible for data maintenance, implementing technical measures to ensure data safety and integrity.

An individual or organization responsible for the maintenance and care of data or data sources. Their duties typically involve implementing technical controls, procedures, and systems that ensure the safety and quality of the data, such as performing regular backups, enforcing access controls, and ensuring data integrity.

For more information, view this lecture on Mission, Data, System Owners, and Data Custodians.

25
# Define: Data Destruction
Eliminating data so that it cannot be read or recovered, using methods such as physical destruction, degaussing, overwriting, or cryptographic erasure. ## Footnote The process of removing data from a storage medium so that it is unreadable and non-recoverable. Methods include physical destruction (shredding, disintegration, incineration), degaussing of magnetic media, software-based overwriting, and cryptographic erasure, all aimed at preventing unauthorized individuals from retrieving and exploiting sensitive information. The method must fit the medium: degaussing does nothing to flash storage such as SSDs, and overwriting from software cannot reach remapped or over-provisioned flash cells. NIST SP 800-88 therefore distinguishes clear, purge, and destroy levels of sanitization and calls for purge (for example the drive's own sanitize command or cryptographic erase) or destroy for media that will leave the organization's control. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_erasure).*
26
# Define: Data Handling
Procedures and practices for managing data securely and efficiently. ## Footnote Data handling encompasses the entire process of collecting, processing, storing, and disseminating information. It involves protocols, procedures, and technologies designed to ensure that data is accurate, secure, and used in compliance with regulatory requirements throughout its lifecycle. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention).*
27
# Define: Data in Motion / Transit
Data actively moving through networks, requiring secure transport protocols and encryption to prevent unauthorized interception. ## Footnote Data that is actively moving through networks, either across the Internet or through private networks. It's during this active transfer process that data is often considered most vulnerable to unauthorized interception or alteration, which necessitates the use of secure transport protocols and encryption measures to ensure its safe delivery. *For more information, view this lecture on [The 3 States of Data (data at rest, data in motion, and data in use)](https://courses.thorteaches.com/courses/take/cissp/lessons/18588257-the-3-states-of-data-data-at-rest-data-in-motion-and-data-in-use). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_in_transit).*
28
# Define: Data in Use
Active data being processed or manipulated, vulnerable to attacks like memory scraping and requiring encryption and access controls. ## Footnote Refers to data that is currently being processed or manipulated by a computer application or user. Unlike data at rest or data in transit, it is in an active state, which makes it potentially more vulnerable to unauthorized access or attacks such as memory scraping. Security measures for data in use include encryption and access controls. Encrypting data in active use, also known as runtime encryption, means protecting data while it is being processed in a computer's memory. Techniques include Trusted Execution Environments (TEEs) that create isolated areas in a processor, homomorphic encryption that allows computations on encrypted data, and secure enclaves such as Intel SGX, which are designed to keep data protected even if the operating system or hypervisor is compromised (though enclaves remain exposed to side-channel attacks). *For more information, view this lecture on [The 3 States of Data (data at rest, data in motion, and data in use)](https://courses.thorteaches.com/courses/take/cissp/lessons/18588257-the-3-states-of-data-data-at-rest-data-in-motion-and-data-in-use). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_in_use).*
29
# Define: Data Labeling
Categorizing or tagging data with labels to provide context or information, guiding secure handling and protection measures. ## Footnote The process of categorizing or tagging data, like files or digital assets, with labels that add informative context or meaning. The labels can represent different levels of sensitivity, confidentiality, or business value, and they help to enforce appropriate handling and protection measures according to the specified labels. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Labeled_data).*
30
# Define: Data Leak
An unintended exposure of sensitive data to unauthorized individuals, often due to poor configurations or human error, leading to potential damage. ## Footnote An incident where sensitive, protected, or confidential data is unintentionally exposed, transmitted, or made accessible to unauthorized individuals. This could be the result of various actions, such as poor security configurations, vulnerabilities in software, or human error, and can lead to significant reputational and financial damage. *For more information, view this lecture on [Data Protection](https://courses.thorteaches.com/courses/take/cissp/lessons/25649829-data-protection). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_breach).*
31
# Define: Data Leakage
The unauthorized transfer of information outside of an organization's control, potentially resulting in sensitive data falling into the wrong hands. ## Footnote An event where information, either intentionally or accidentally, is moved outside of an organization's security boundaries, possibly falling into the wrong hands. Data leakage could occur through various channels, such as email attachments, cloud storage, physical devices, or even through employee misconduct. *For more information, view this lecture on [Data Protection](https://courses.thorteaches.com/courses/take/cissp/lessons/25649829-data-protection). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Leakage_(machine_learning)).*
32
# Define: Data Lifecycle
The stages data goes through from creation to disposal, including creation, processing, storage, usage, sharing, archiving, and deletion. ## Footnote The sequence of stages that a particular unit of data goes through from its initial generation or capture to its eventual archival and retirement or deletion. This lifecycle typically includes stages such as creation, processing, storage, usage, sharing, archiving, and disposal, with each stage necessitating specific handling and security measures. *For more information, view this lecture on [The Information Life Cycle](https://courses.thorteaches.com/courses/take/cissp/lessons/18588237-the-information-life-cycle). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_management).*
33
# Define: Data Loss Prevention | (DLP)
Tools and processes to protect sensitive data from being lost, misused, or accessed by unauthorized users throughout its lifecycle. ## Footnote A set of tools or processes used to identify, monitor, and protect data in use, data at rest, and data in motion through deep content inspection and with a focus on sensitive data. The goal is to prevent sensitive data from being lost, misused, or accessed by unauthorized users, thereby maintaining the data's confidentiality and integrity. *For more information, view this lecture on [Data Protection](https://courses.thorteaches.com/courses/take/cissp/lessons/25649829-data-protection). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_loss_prevention_software).*
34
# Define: Data Masking
Data masking protects confidential information by replacing critical data elements (like names or IDs) with realistic but fictitious values, preserving functionality for non-production uses. ## Footnote Often applied in testing or development environments, data masking ensures that personally identifiable information cannot be reconstructed from substituted fields. Techniques range from shuffling names in databases to applying consistent transformation algorithms. Masking meets privacy regulations, lowers breach risk, and lets developers safely work with near-real datasets. Properly designed data masking strategies ensure compliance while maintaining data utility. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_masking).*
35
# Define: Data Owner
An individual or unit responsible for data they create or use, classifying and ensuring it's handled in compliance with relevant laws and policies. ## Footnote An individual or a functional unit, usually within an organization, which is legally responsible for the data they create, capture, maintain, or use. They are responsible for classifying the data according to its sensitivity and for ensuring it is handled, stored, and accessed in compliance with relevant laws, policies, and guidelines. *For more information, view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
36
# Define: Data Processors
Entities processing data on behalf of data controllers, handling it as instructed, and maintaining standards of security and confidentiality. ## Footnote Entities that process personal data on behalf of data controllers. Under GDPR and similar regulations, processors are responsible for handling data as instructed by the controller and must adhere to strict standards of security and confidentiality. They play a key role in IT and data services, especially within cloud computing, data analytics, and outsourced service providers. *For more information, view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
37
# Define: Data Remanence
Residual data that persists after attempted erasure, potentially allowing for unauthorized recovery of sensitive information. ## Footnote The residual representation of data that remains even after attempts have been made to remove or erase it. It's a significant concern because it can potentially allow unauthorized access and recovery of sensitive data and is especially relevant when disposing of recycling, or repurposing old hardware. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_remanence).*
38
# Define: Data Retention
Storing data for compliance or business needs and securely destroying it after the retention period is over. ## Footnote The practice of storing data for a predetermined period of time for compliance, regulatory, or business reasons. The period of time that data should be kept varies depending on the type of data, the industry, and the regulatory environment. After this period, the data is usually securely destroyed. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_retention).*
39
# Define: Data Retention Monitoring
Reviewing stored data to ensure compliance with retention policies and safeguarding against unauthorized activities. ## Footnote The process of regularly reviewing and managing stored data to ensure that it is being retained in accordance with relevant policies and regulations. The process involves managing the data lifecycle, ensuring data protection and privacy, verifying data accuracy and availability, and detecting potential unauthorized activities. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_retention).*
40
# Define: Data Roles
Responsibilities associated with data handling, including data owners, stewards, and users, adhering to governance policies. ## Footnote The responsibilities assigned to individuals or entities in relation to data. Key roles often include data owners, who have control over and responsibility for data assets; data stewards, who oversee data quality and lifecycle; and data users, who access and use data in their roles. *For more information, view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
41
# Define: Data Security
Protecting digital data from unauthorized access, corruption, or theft throughout its lifecycle, using standards and technologies. ## Footnote The practice of protecting digital data from unauthorized access, corruption, or theft throughout its entire lifecycle. It includes a set of standards and technologies that protect data from intentional or accidental destruction, modification, or disclosure. Data security involves a range of tactics, such as encryption, tokenization, and key management practices that protect data across all applications and platforms. It also involves physical and administrative strategies to control access to hard-copy and electronically stored data. Data security is crucial for maintaining the integrity and privacy of information in both business and personal contexts. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_security).*
42
# Define: Data Security Lifecycle | (CSUSAD)
An acronym for the stages that data goes through to maintain security, from creation to destruction. ## Footnote An acronym representing the stages through which data goes to maintain security from creation to destruction: Create, Store, Use, Share, Archive, and Destroy. The lifecycle ensures that data is protected at all times.

- Create - Data is produced or captured in various forms.
- Store - Data is saved in a secure location and protected from unauthorized access.
- Use - Data is accessed and utilized by authorized individuals for intended purposes.
- Share - Data is exchanged between users, systems, or organizations with appropriate security measures.
- Archive - Data that is no longer actively used is securely stored for long-term retention.
- Destroy - Data is securely and irreversibly destroyed when it is no longer needed or required to be retained by law.

This lifecycle approach helps organizations implement comprehensive data protection strategies and manage risks associated with data handling.
43
# Define: Data Storage
The process of saving and retrieving data using various media. ## Footnote Data storage involves recording information on physical or digital media, making it available for retrieval and use when needed. It covers a range of technologies—from traditional hard drives to cloud-based solutions—ensuring that data remains intact, accessible, and secure under varying operational conditions. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_storage).*
44
# Define: Data Subjects
Individuals whose data is collected and processed, protected by privacy regulations to ensure their personal information's safety. ## Footnote Individuals or entities whose data is collected, processed, and stored by an organization. The term is used in data privacy regulations to ensure the protection of personal information. For example, a healthcare provider may collect data on patients for medical treatment but must ensure their personal information is kept confidential. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance).*
45
# Define: Data Users
People who interact with data, analyzing or using it within their roles, following data protection laws and best practices. ## Footnote Individuals or entities that access, analyze, or utilize data as part of their business processes, research activities, or decision-making tasks. Data users can range from business analysts and data scientists to end-users inputting and retrieving data from an application. They are typically subject to data governance policies and responsible for adhering to data protection laws and best practices. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
46
# Define: Declassification
Downgrading or releasing previously restricted information, making it available for public access when protection is no longer needed. ## Footnote The process by which information that has previously been classified as confidential, secret, or top-secret is downgraded in secrecy level or made entirely public. This process is critical for ensuring that information which no longer requires protection is accessible for public scrutiny or for use in non-sensitive contexts. The procedure is typically controlled by strict protocols to maintain the overall integrity of an organization's information management system. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Declassification).*
47
# Define: Default Classification
The security level automatically applied to data without a specific label, set by organizational policy. ## Footnote Default classification refers to the security level automatically applied to data or information in the absence of a specific classification label. While it can be the most restrictive, this is not always the case; the default level is determined by an organization's policy and could potentially be open or public if the data is not sensitive. The default classification serves as an initial safeguard until the proper classification can be reviewed and applied based on the data's content and the need for confidentiality. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance).*
48
# Define: Degaussing
The use of magnetic fields to erase data from magnetic storage media, rendering it unreadable and securing its disposal. ## Footnote A process by which magnetic fields are used to neutralize or erase data from a magnetic storage medium, such as hard drives or tapes. The process renders the data unreadable, thus ensuring the secure disposal of sensitive information, though it should be noted that once a device has been degaussed, it is typically no longer usable. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Degaussing).*
49
# Define: Deidentification
The process of anonymizing data by removing or modifying personally identifiable information. ## Footnote A process where personally identifiable information (PII) is removed or anonymized from a dataset. The aim is to protect the privacy of individuals by ensuring that the data cannot be traced back to them. This technique is often used in data analytics and research, where large volumes of data are needed, but the identification of specific individuals is not. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/De-identification).*
50
# Define: Device Identifier
A unique code assigned to a device that distinguishes it within a network. ## Footnote A Device Identifier is an alphanumeric string or number that uniquely identifies a specific device in a network environment. It facilitates device management, tracking, and secure communication by allowing systems to differentiate between multiple devices. Device identifiers are critical in security, troubleshooting, and asset management, ensuring that each device’s access and behavior can be monitored and controlled effectively. *For more information, view this lecture on [The OSI model- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19177264-the-osi-model-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/MAC_address).*
51
# Define: Differential Privacy
Differential Privacy is a data protection technique adding controlled “noise” to datasets, protecting individual identities while preserving broader statistical trends. ## Footnote When organizations release data or train machine learning models, differential privacy ensures sensitive information about individuals remains hidden. It does so by introducing random distortions that obscure specific entries but remain statistically valid for overall analysis. This approach balances utility and confidentiality, enabling insights without exposing personal details. Tech giants employ differential privacy in analytics, contact tracing, and smart queries, protecting user privacy while gleaning valuable population-level understanding. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Differential_privacy).*
52
# Define: Digital Rights Management | (DRM)
Access control technologies regulating the use and distribution of digital media. ## Footnote A set of access control technologies used by publishers, copyright holders, and individuals to restrict the ways in which proprietary content can be utilized and distributed. DRM systems are designed to prevent unauthorized copying and sharing of digital media and manage the rights of users to access eBooks, music, films, software, and other digital content. These technologies can enforce limitations such as the duration of access, the devices on which content can be viewed, and the number of times content can be accessed or copied. While DRM helps protect intellectual property rights, it also raises concerns about user rights, fair use, and interoperability. *For more information, view this lecture on [Data Protection](https://courses.thorteaches.com/courses/take/cissp/lessons/25649829-data-protection). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Digital_rights_management).*
53
# Define: DRAM | (Dynamic Random Access Memory)
Volatile memory that stores bits in capacitors, requiring periodic refresh. ## Footnote DRAM stores each bit of information in a capacitor, which must be regularly refreshed to maintain data integrity. It offers high density and cost-effectiveness, making it the standard choice for main system memory: it is slower than SRAM but considerably less expensive. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Dynamic_random-access_memory).*
54
# Define: EEPROM | (Electrically Erasable Programmable Read-Only Memory)
A non-volatile memory used to store small amounts of data that can be erased and reprogrammed. ## Footnote A type of non-volatile memory used in computers and other electronic devices to store small amounts of data that must be saved when power is removed. The data stored in EEPROM can be electrically erased and reprogrammed, which provides flexibility but also requires careful management to prevent unauthorized data alteration or disclosure. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/EEPROM).*
55
# Define: EOL | (End Of Life)
EOL denotes a point when a product, typically software or hardware, is no longer supported or updated by the vendor, increasing security and compatibility risks. ## Footnote Once EOL status is reached, the manufacturer discontinues patching, bug fixes, or feature enhancements. Businesses relying on EOL products confront unpatched vulnerabilities and may face regulatory noncompliance. Migration or upgrading becomes urgent to maintain performance and security. Organizations must strategize replacement timelines, budgeting, and data migration processes to minimize disruption and potential exposures. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/End-of-life_product).*
56
# Define: EOS | (End Of Service)
EOS occurs when vendors cease providing maintenance, parts, or technical help for a product, rendering it unsupported and potentially risky for ongoing enterprise use. ## Footnote Similar to EOL but covering physical items as well, EOS leaves legacy systems prone to hardware failures, unaddressed security problems, and limited third-party support. Companies face higher downtime and compliance challenges. Planning for EOS includes budgeting for replacements, data backups, and transition strategies. Being proactive prevents last-minute crises and ensures smoother adoption of newer, more secure technology solutions. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/End-of-life_product).*
57
# Define: EPROM | (Erasable Programmable Read-Only Memory)
A non-volatile memory chip that can be erased and reprogrammed using UV light. ## Footnote EPROM is a type of non-volatile memory that allows data to be erased by exposing the chip to ultraviolet light and reprogrammed thereafter. Traditionally used in firmware storage and development, it has largely been supplanted by more advanced reprogrammable memory technologies. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/EPROM).*
58
# Define: Erasure
The process of permanently removing data from storage media to prevent unauthorized recovery, often using methods like overwriting or physical destruction. ## Footnote The process of permanently removing data from a storage medium, making it irrecoverable. This is an important measure in safeguarding sensitive information from unauthorized access, particularly when decommissioning devices or when data is no longer needed. Erasure methods may include overwriting, degaussing, or physical destruction, depending on the sensitivity of the data and the security requirements. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_erasure).*
59
# Define: External Storage
Storage media such as hard drives or flash drives used to increase data storage capacity or to back up data. ## Footnote Any storage medium that is not directly integrated into the main device. This can include hard drives, solid-state drives, USB flash drives, memory cards, or network-attached storage devices. External storage allows for increased data storage capacity and portability, and often serves as a method for data backup. *For more information, view this lecture on [Media Storage](https://courses.thorteaches.com/courses/take/cissp/lessons/20679148-media-storage). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/External_storage).*
60
# Define: Firmware
Software that gives low-level control for hardware operation, stored on non-volatile memory for persistent use. ## Footnote A specialized form of software that provides low-level control for a device's specific hardware. Firmware can be found in embedded systems such as traffic lights, consumer appliances, wireless routers, and digital watches. It can also provide essential instructions for how a device communicates with other computer hardware. Unlike typical software, firmware is usually designed for a specific hardware device and is stored on non-volatile memory chips, making it persistent through reboots and power off/on cycles. Firmware updates can fix bugs, add features, and patch security vulnerabilities. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Firmware).*
61
# Define: Flash Memory
Non-volatile memory that stores data electronically and allows rapid access. ## Footnote Flash memory is a type of non-volatile storage that permits quick data access and electrical reprogramming. Widely used in devices like USB drives, SSDs, and smartphones, it offers durability and speed, though it has a limited number of write-erase cycles compared to other storage media. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Flash_memory).*
62
# Define: Formatting
The process of preparing a storage device for data, establishing a file system. ## Footnote Formatting involves initializing a storage medium by creating a file system, partitioning the drive, and setting up directories. This process readies the device for data storage and retrieval, ensuring compatibility with the operating system and promoting data organization, performance, and long-term reliability. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction).*
63
# Define: GPS | (Global Positioning System)
GPS is a satellite-based navigation technology providing accurate location, velocity, and timing information worldwide through a network of orbiting satellites. ## Footnote Initially developed by the U.S. government, GPS has civilian and commercial applications in smartphones, vehicles, and IoT devices for mapping, tracking, and route optimization. Signals from multiple satellites calculate precise coordinates, enabling location-based services. Though widely available, GPS can be jammed or spoofed, prompting security concerns. Despite limitations, it remains essential for modern transportation, logistics, and emergency operations. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Global_Positioning_System).*
64
# Define: Hard Copy Key
A physical key or token for access to secure areas or systems, such as metal keys, keycards, or smart keys. ## Footnote A physical key or token that is used to gain access to a physical location or system. Hard copy keys can be used to unlock doors, start vehicles, or access secure areas and are typically kept on a keychain or other physical device. Examples of hard copy keys include traditional metal keys, keycards, and smart keys.
65
# Define: Inadvertent Disclosure
Accidental exposure of sensitive information, posing a risk to data security and privacy. ## Footnote The accidental release of sensitive information. It is used in data security and privacy regulations to prevent unauthorized access to confidential data. Examples include a careless employee sending an email with personal information to the wrong recipient or a data breach caused by a weak password.
66
# Define: Information Classification
Categorizing data based on sensitivity, ensuring the right level of protection to prevent unauthorized access or leaks. ## Footnote The process of categorizing an organization's data and information based on its sensitivity and importance. This helps to ensure that the appropriate level of protection is applied to the data and information. Information classification is used to protect against unauthorized access and disclosure of sensitive information. Examples of information classification include public, confidential, and classified. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_classification_(data_management)).*
67
# Define: Information Owner
A senior manager responsible for defined sets of information, accountable for classification, handling, and compliance. ## Footnote The information owner is typically a member of senior management with designated responsibility over specific sets of information within an organization. They are accountable for setting the policies for classifying, handling, and safeguarding the information, as well as ensuring that the information is used in compliance with legal and policy requirements. *For more information, view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
68
# Define: Information Rights Management | (IRM)
Technology restricting access to and usage of digital information, ensuring compliance and protecting data privacy. ## Footnote A technology used to control access to and usage of digital information. It is used in the legal and financial industries to prevent unauthorized access and ensure compliance with data protection regulations. Examples include password-protecting documents, setting expiration dates for access, and limiting the ability to print or copy sensitive information. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_rights_management).*
69
# Define: Information System Lifecycle
The stages through which an information system is planned, developed, used, and retired. ## Footnote The Information System Lifecycle outlines the phases from initial concept and planning to design, implementation, operation, and eventual retirement of a system. This structured process ensures that systems are regularly updated, maintained, and decommissioned in an organized manner, supporting long-term efficiency, security, and compliance with evolving requirements. *For more information, view this lecture on [Managing the information system lifecycle](https://courses.thorteaches.com/courses/take/cissp/lessons/54398552-new-2024-managing-the-information-system-lifecycle). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Systems_development_life_cycle).*
70
# Define: International Data Encryption Algorithm | (IDEA)
A symmetric-key encryption algorithm known for its strength and efficiency. ## Footnote The International Data Encryption Algorithm (IDEA) is a symmetric-key block cipher known for its strength and efficiency in encrypting electronic data. IDEA utilizes 64-bit blocks and a complex series of operations in multiple rounds to provide a high level of security. It's widely respected for its design and has been used in various encryption protocols, notably in some versions of the Pretty Good Privacy (PGP) protocol for securing emails. *For more information, view this lecture on [Symmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm).*
71
# Define: IT Asset Management | (ITAM)
The process of tracking, maintaining, and managing hardware and software assets within an organization. ## Footnote The process of ensuring that all physical and digital assets within an organization, such as hardware, software, and digital licenses, are accurately tracked, used, and maintained throughout their lifecycle. This management process is crucial to mitigate risks associated with over or under-utilization, legal issues, and unaccounted resources. It assists in optimizing resource allocation, reduces unnecessary expenditure, and supports strategic decision-making within the organization. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
72
# Define: IT Asset Management Lifecycle
The systematic approach to managing IT assets from acquisition through deployment to retirement. ## Footnote A systematic approach to the oversight and management of any hardware or software used within an organization, from acquisition and deployment through active use to eventual disposal. This lifecycle involves stages such as planning, acquiring, deploying, managing, and retiring. Effective management throughout this lifecycle ensures that all assets remain secure, functional, and valuable for as long as they're in service. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
73
# Define: IT Asset Management Lifecycle - Acquiring
The phase where IT assets are identified, acquired, and recorded in an organization's ITAM system. ## Footnote The acquiring phase in the IT Asset Management (ITAM) lifecycle involves identifying requirements, selecting vendors, and purchasing IT assets. It includes assessing financial and operational impacts, as well as ensuring compliance with organizational policies and security standards. Proper acquisition strategies optimize spending and align new assets with business objectives. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
74
# Define: IT Asset Management Lifecycle - Assigning Security
Allocating security measures to IT assets based on their role and the data they handle. ## Footnote In the Assigning Security phase of the IT Asset Management Lifecycle, organizations allocate security measures to their IT assets. This step is crucial for protecting assets against threats by implementing appropriate controls, such as user authentication, encryption, and antivirus software, tailored to the asset's role and the data it handles. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
75
# Define: IT Asset Management Lifecycle - Deployment
The phase of configuring, installing, and integrating IT assets within the existing infrastructure. ## Footnote Deployment in the IT Asset Management Lifecycle involves the configuration, installation, and integration of IT assets within the existing enterprise infrastructure. This stage ensures that new assets are operable, achieve intended performance metrics, and possess the necessary security controls to protect against operational risks. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
76
# Define: IT Asset Management Lifecycle - Managing
Ongoing monitoring of IT assets to ensure they are secure, functional, and provide value to the organization. ## Footnote This phase refers to the continuous monitoring and managing of an asset throughout its active life within an organization. This includes regular updates, patching, performance tracking, user management, and addressing any security concerns or threats that may arise. This ongoing process ensures the asset remains functional, efficient, and secure, supporting its intended role within the organization. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
77
# Define: IT Asset Management Lifecycle - Planning
The initial phase of forecasting, determining lifespan, and security needs for a new IT asset. ## Footnote In this initial stage, the need for a new asset is identified, and its acquisition and integration into the existing infrastructure are planned. This involves forecasting future needs, determining the asset's expected lifespan, and understanding the security needs and threats it might face. The planning stage aims to make informed decisions about the asset to be procured and how it will be secured. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
78
# Define: IT Asset Management Lifecycle - Retiring
Decommissioning IT assets in a controlled manner, ensuring no data breaches or security risks. ## Footnote This stage involves decommissioning the asset once it has reached the end of its operational life or is no longer required by the organization. This may involve secure data deletion, hardware disposal, or transfer of the asset, all done in a way that mitigates any potential security risks. Retiring an asset in a controlled manner is crucial to prevent unauthorized access to any sensitive data that may remain on the asset. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_lifecycle_management).*
79
# Define: IT Service
Technology-related functions provided to an organization's staff or customers, crucial for operations. ## Footnote The delivery of technology-related functions to an organization's staff or customers. Services can range from managing network infrastructure and maintaining databases to providing software applications, help desk support, and more. The quality, reliability, and security of these services are crucial for the organization's operations and reputation. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/IT_service_management).*
80
# Define: IT User
Individuals utilizing technology resources provided by an organization, adhering to usage guidelines. ## Footnote Any individual who uses the technology resources, systems, or services provided by an organization. This includes employees, contractors, consultants, or external parties, depending on the access permissions. Users must adhere to specific guidelines and policies to ensure responsible usage and maintain the integrity, availability, and confidentiality of data and systems. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/User_(computing)).*
81
# Define: Legal Holds In Data Retention
Preserving data that may be relevant to litigation, ensuring it's not destroyed or altered during legal investigations. ## Footnote The process of preserving data that may be relevant to a legal matter. It is used by organizations to ensure that they do not destroy or alter any data that may be needed for a legal investigation or lawsuit. For example, a company may use legal holds in data retention to prevent the deletion of emails that may be relevant to a pending lawsuit. *For more information, view this lecture on [Media storage](https://courses.thorteaches.com/courses/take/cissp/lessons/20679148-media-storage). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Legal_hold).*
82
# Define: Lifecycle of Assets
The ongoing process of managing IT assets from acquisition to disposal, encompassing tracking, maintenance, and security. ## Footnote The process of managing the entire lifecycle of an IT asset, from procurement to disposal. It is used to optimize the use of assets and reduce the risk of security vulnerabilities. Examples of the lifecycle of assets include asset tracking, software patching, and end-of-life planning. *For more information, view this lecture on [The Information Life Cycle](https://courses.thorteaches.com/courses/take/cissp/lessons/18588237-the-information-life-cycle).*
83
# Define: Magnetic Remanence
Residual magnetic signal left on storage media after attempts to erase it, potentially allowing data recovery. ## Footnote Magnetic remanence refers to the residual magnetization left on a storage medium, such as a hard disk or a magnetic tape, even after attempts to erase the data. This property can potentially allow previously stored data to be recovered, which presents security challenges when disposing of or repurposing storage devices. Methods like degaussing can be used to reduce magnetic remanence to protect sensitive information. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Remanence).*
84
# Define: Masking
Concealing sensitive data by replacing it with dummy information to prevent unauthorized access during operations. ## Footnote A process used to protect sensitive data by replacing it with random characters or other dummy information. It enables users to carry out operations without exposing the actual data, thus preserving confidentiality. It's a technique often used in environments where data needs to be used for testing or analysis but where the original data contains sensitive details. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_masking).*
85
# Define: Media
Devices and methods for storing and transmitting data, encompassing physical and virtual storage options. ## Footnote The various methods or devices used for data storage or transmission. This can include physical items like hard drives, solid-state drives, and optical discs, as well as virtual concepts like cloud storage. Effective media management is crucial to ensure data integrity, availability, and confidentiality. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_data_storage#Storage_media).*
86
# Define: Media Management
Managing, archiving, and tracking various media types to maintain availability, integrity, and security. ## Footnote The comprehensive process of managing, archiving, and tracking digital and non-digital media to ensure its availability, integrity, and security. This includes processes such as data backup, version control, archiving, retrieval, and disposal, often managed using specialized software to ensure efficiency and reliability. *For more information, view this lecture on [Data Handling, Data Storage, and Data Retention](https://courses.thorteaches.com/courses/take/cissp/lessons/18588262-data-handling-data-storage-and-data-retention).*
87
# Define: Media Oxidation
Deterioration of magnetic media due to environmental oxygen, leading to data loss or degradation. ## Footnote Media oxidation is a form of deterioration that affects magnetic media when it reacts with oxygen in the environment, leading to data loss or degradation over time. Proper environmental control and storage conditions are essential to mitigate the effects of media oxidation on important storage media such as magnetic tapes and hard disk drives.
88
# Define: Media Storage
Systems or devices designed to hold and preserve various digital media. ## Footnote Media Storage encompasses a range of hardware and systems used to record, store, and manage digital content, including text, images, audio, and video files. It involves devices like hard drives, optical media, and cloud solutions, all aimed at ensuring data integrity and easy retrieval. Effective media storage solutions balance capacity, speed, and security to meet diverse organizational and personal needs. *For more information, view this lecture on [Media storage](https://courses.thorteaches.com/courses/take/cissp/lessons/20679148-media-storage).*
89
# Define: Memory
Components or systems that store data temporarily or permanently. ## Footnote Memory in computing refers to devices and components that store data and program instructions. It includes volatile memory like RAM, which stores data temporarily for quick access during operation, and non-volatile memory, which preserves information even when power is removed. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_memory).*
90
# Define: Network Administrator
A professional ensuring the smooth operation and security of an organization's network systems and infrastructure. ## Footnote A professional responsible for the operational readiness of an organization's data communications systems, which includes maintaining, upgrading, and defending networks from potential threats. They play a critical role in ensuring that network infrastructure is efficient and secure, monitoring system performance, configuring and implementing network software and hardware, and troubleshooting network issues, among other duties. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Network_administrator).*
91
# Define: NIST SP 800-88
Guidelines for media sanitization to ensure proper data destruction and prevent unauthorized disclosure. ## Footnote A special publication by the National Institute of Standards and Technology providing guidelines for media sanitization. It details how to properly clear, purge, and destroy data on different types of media to prevent unauthorized disclosure of sensitive information. *Or visit this [NIST CSRC page](https://csrc.nist.gov/pubs/sp/800/88/r1/final).*
92
# Define: Non-Volatile
Memory that retains information even when power is off. ## Footnote Non-volatile memory is designed to permanently store data, maintaining its contents without a continuous power supply. It is essential for long-term data retention in devices, ensuring that critical information, firmware, and system configurations remain intact through power cycles. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Non-volatile_memory).*
93
# Define: Open Storage
Data storage architecture allowing data access without proprietary hardware or software constraints, commonly used in cloud environments. ## Footnote A type of data storage architecture that allows access to data without the need for proprietary software or hardware. It is commonly used in cloud computing environments to provide scalable and flexible storage solutions. Examples of open storage systems include the OpenStack Swift and Ceph projects.
94
# Define: Overwrite Procedure
A method of securely erasing data by overwriting it, preventing potential recovery. ## Footnote A method of securely deleting data from a storage device to prevent its recovery. It is commonly used in data destruction and cybersecurity to prevent sensitive information from falling into the wrong hands. Examples of overwrite procedures include the DoD 5220.22-M standard and the Gutmann method. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_erasure).*
95
# Define: Owner
The person or entity with lawful control over a resource or asset, responsible for its security and management. ## Footnote The individual or entity that has legal rights and control over a data resource or an asset. They are responsible for defining the classification of the data, access controls, and ensuring appropriate protection mechanisms are in place to safeguard the integrity, confidentiality, and availability of the data. *For more information, view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
96
# Define: Ownership of Cloud Data
The rights and responsibilities regarding data stored in the cloud, influencing management and security practices. ## Footnote Ownership of cloud data refers to the legal and contractual rights and responsibilities regarding data stored in cloud environments. It determines who has control over the data, who can access it, and who is liable for its protection. This is particularly crucial in cloud services agreements, where the delineation of data ownership affects how data is managed, shared, and secured in the cloud. *For more information, view this lecture on [Mission, Data, System Owners, and Data Custodians](https://courses.thorteaches.com/courses/take/cissp/lessons/18588265-mission-data-system-owners-and-data-custodians).*
97
# Define: Payment System
A network of banking procedures and funds transfer systems enabling monetary transactions. ## Footnote A payment system is a set of tools, banking procedures, and typically interbank funds transfer systems that ensure the circulation of money. In the realm of cybersecurity, securing payment systems is vital to prevent fraud, financial loss, data breaches, and to maintain trust between parties involved in the transaction. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Payment_system).*
98
# Define: Payroll System
Software or systems managing employee compensation and ensuring accurate and timely payroll processes. ## Footnote An application or system used to manage employee compensation, including salary calculation, tax withholding, benefit deductions, and paycheck distribution. A reliable and accurate payroll system is essential for financial management and regulatory compliance. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Payroll).*
99
# Define: Periods Processing
Dividing business operations into time intervals for systematic financial recording and reporting. ## Footnote The division of business operations into discrete time intervals for accounting purposes, such as days, months, or fiscal quarters. This allows for the systematic recording, analysis, and reporting of financial data and transactions.
100
# Define: POS Systems | (Point-of-Sale)
Electronic systems processing customer transactions in retail and hospitality. ## Footnote Electronic systems used to process transactions at retail stores, restaurants, and other businesses. In retail and hospitality they facilitate sales, capture customer information, and manage inventory. Examples include cash registers, credit card terminals, and mobile point-of-sale devices. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Point_of_sale).*
101
# Define: PROM | (Programmable Read-Only Memory)
One-time programmable memory that permanently stores data. ## Footnote PROM is a form of non-volatile memory that can be programmed only once. After the initial programming, the data becomes permanent, making it suitable for applications where fixed instructions or configurations are required, though it does not allow for subsequent modifications. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Programmable_read-only_memory).*
102
# Define: Purging
The process of removing data from a storage medium in a manner that renders it irrecoverable, ensuring sensitive information is securely erased. ## Footnote The process of removing data from a storage device with the intention of making it irrecoverable by any means. This can include multiple approaches like overwriting data with specific patterns, degaussing (for magnetic storage), or physical destruction. Purging is a critical step in ensuring data confidentiality when retiring or repurposing storage media. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_sanitization).*
103
# Define: Random Access Memory | (RAM)
Volatile computer memory used for temporarily storing data for quick read and write access, crucial in running applications and processes. ## Footnote A type of memory used in computers to store data and instructions that are currently being used or accessed. It is a crucial component of any computer system and is essential for efficient performance. Examples of its use include holding operating system files, application data, and temporary working data while the system is running. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Random-access_memory).*
104
# Define: Read
The operation of accessing and retrieving data from a storage location, a fundamental computing function. ## Footnote The act of accessing and retrieving data from a storage location. It is used in computing to access information from a variety of sources, including memory, disk, or network. Examples of reading include accessing a file on a computer's hard drive or reading data from a database.
105
# Define: Read Access
Permission allowing users to view but not modify data within a system, crucial in data protection. ## Footnote The permission to access and retrieve data from a storage location. It is used in security to control who can access sensitive information. Examples of read access include allowing only certain users to view sensitive financial data or restricting access to confidential documents.
106
# Define: Remanence
The residual representation of data on storage media after attempts to erase it, posing risks if sensitive information can still be recovered. ## Footnote The residual representation of data that remains even after attempts have been made to remove or erase the data. This phenomenon can occur in storage media such as hard drives or flash memory. Proper measures must be taken to ensure complete data erasure, especially when the data is sensitive, to prevent unauthorized access or data breaches. Techniques such as multiple overwrites, degaussing, or physical destruction of the storage media are commonly used to minimize remanence. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_remanence).*
107
# Define: Removable Media
Portable storage devices that can be easily attached and detached from a computer, like USB flash drives. ## Footnote Any physical media or device that can be easily removed or detached from a computer or network. It is commonly used for storing, transferring, or backing up data. Examples include USB flash drives, external hard drives, or removable storage cards. *For more information, view this lecture on [Media Storage](https://courses.thorteaches.com/courses/take/cissp/lessons/20679148-media-storage). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Removable_media).*
108
# Define: ROM | (Read-Only Memory)
Permanent non-volatile storage in computers that typically contains essential system firmware. ## Footnote A type of non-volatile storage used in computers and other electronic devices. It contains firmware that is permanently written during the manufacturing process and cannot be modified under normal computer operation. This makes ROM a secure place to store critical system instructions because they can't be altered or deleted by malicious software or user actions. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence) or this lecture on [Hardware Architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/45831595-hardware-architecture-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Read-only_memory).*
109
# Define: Sanitize
The process of removing sensitive information from a system to prevent unauthorized access or data leaks. ## Footnote The process of removing or neutralizing sensitive data or information from a system or database. It is used to protect privacy and prevent unauthorized access to sensitive information. Examples include removing personally identifiable information from a database before sharing it with third parties, wiping a computer's hard drive before disposing of it, and sanitizing sensitive documents before shredding them. *For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_sanitization).*
110
# Define: Scoping
Determining the boundaries or limitations of a project, system, or process to ensure clarity and manageability. ## Footnote The process of defining and delimiting the boundaries and parameters of a project, system, or process. It is used to clarify the objectives, requirements, and constraints of a project and ensure its feasibility and success. Examples include a scoping study for identifying and assessing the potential impacts of a development project, a scoping exercise for defining the scope and requirements of a software project, and a scoping review for summarizing the evidence on a particular research topic. *For more information, view this lecture on [Data Security Frameworks](https://courses.thorteaches.com/courses/take/cissp/lessons/18588532-data-security-frameworks).*
111
# Define: Scoping Process
Defining the boundaries and content of a project or security evaluation to clarify reach and expectations. ## Footnote The process of defining the boundaries and limitations of a security system or network. It is used to identify which assets and resources need to be protected and to determine the appropriate security controls to implement. Examples include determining the scope of a security assessment, defining the scope of a data protection plan, and determining the scope of a security policy.
112
# Define: SDRAM | (Synchronous Dynamic Random Access Memory)
SDRAM is a DRAM variant synchronized with the system clock for improved performance. ## Footnote SDRAM is a type of DRAM that operates in sync with the system clock, allowing for more efficient data transfer and reduced latency. It provides enhanced performance in modern computing environments by aligning memory operations with the processor’s timing mechanisms. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/SDRAM).*
113
# Define: Secret Clearance
A Secret clearance is a mid-level security authorization granted by governments, permitting individuals to access classified information that could cause serious damage if disclosed. ## Footnote Candidates undergo background investigations, examining personal, financial, and criminal histories. Holding a Secret clearance implies trustworthiness and a need-to-know justification. Classified materials must be guarded with strict protocols—like secure facilities and limited data sharing. Violations can lead to revocation or legal consequences. Secret clearance is common in defense, intelligence, and government roles requiring controlled information handling. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Classified_information#United_States).*
114
# Define: Security Administrator
A professional who manages and oversees an organization's IT security measures to maintain system integrity and confidentiality. ## Footnote A professional responsible for managing an organization's IT security policies and procedures. Security administrators oversee the implementation of security solutions, monitor for threats, and ensure that networks and data remain secure against unauthorized access and breaches.
115
# Define: Security Analyst
A professional who analyzes security threats, vulnerabilities, and implements strategies to defend against potential cyber-attacks. ## Footnote A professional who is responsible for analyzing security risks and vulnerabilities and developing solutions to protect against them. They may work in a variety of industries, such as finance, healthcare, and government. For example, a security analyst at a bank may analyze network logs to identify potential threats, or a security analyst at a hospital may develop policies to protect patient data.
116
# Define: Security Awareness Coordinator
The person responsible for overseeing and managing an organization's security awareness initiatives. ## Footnote A person responsible for overseeing and managing a security awareness program. They are responsible for developing and implementing security awareness campaigns, as well as providing ongoing support and education to employees. Examples of a security awareness coordinator include a human resources manager or a dedicated security team member. *For more information, view this lecture on [Information Security Governance: Policies, Procedures, Guideline, and Frameworks](https://courses.thorteaches.com/courses/take/cissp/lessons/18588064-information-security-governance-policies-procedures-guideline-and-frameworks).*
117
# Define: Security Domains
Defined areas within an information system where security policies and measures are applied. ## Footnote A sphere within which security policies and rules govern access to information or resources. In a network or system, different security domains might exist, each with its own levels of trust and access controls, allowing users or processes to access specific data or resources based on their privileges. For example, a network might have separate security domains for its administrative, production, and guest users, each with distinct rules for accessing data and resources. *For more information, view this lecture on [Secure System Design Concepts](https://courses.thorteaches.com/courses/take/cissp/lessons/18591293-secure-system-design-concepts).*
118
# Define: Sensitive Information
Data that requires protection due to its confidentiality, integrity, or availability requirements. ## Footnote Data that must be protected due to its confidentiality, integrity, or availability requirements. Examples can range from personal information such as social security numbers, financial data, and health records to proprietary business details like trade secrets or unpublished financial results. The unauthorized disclosure, alteration, or destruction of sensitive information can result in financial loss, damage to reputation, legal penalties, or even pose threats to personal safety. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Information_sensitivity).*
119
# Define: Sensitivity
The measure of the impact that unauthorized access, modification, or loss of data could have. ## Footnote The quality or measure of the potential impact that could result from unauthorized access, modification, or loss of data. It is often determined by legal, ethical, or business requirements and is used to guide decisions around the level of security controls that should be applied to protect specific types of data. Higher-sensitivity information generally warrants more stringent security measures. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance).*
120
# Define: Sensitivity Label
A tag indicating the level of sensitivity of data, dictating its handling, distribution, and storage. ## Footnote A tag or identifier assigned to data that indicates its level of sensitivity and dictates how it should be handled, distributed, and stored. These labels, such as 'confidential', 'public', 'internal', or 'top secret', enable organizations to classify data based on its value or potential impact if compromised. Implementing sensitivity labels helps ensure the appropriate level of security and access controls are applied, facilitating compliance with privacy and data protection regulations. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_access_control#Mandatory_access_control).*
121
# Define: Service Desk
A support team assisting users with technical issues and managing IT-related incidents and requests. ## Footnote A team or department responsible for providing technical support and assistance to users of a system or service. It is used in IT operations to manage and resolve incidents, problems, and requests related to the operation of a system or service. Examples include using a service desk for incident management, problem management, and service level management. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Service_desk).*
122
# Define: Service Provider
An entity that offers various services such as internet access, cloud applications, or security solutions. ## Footnote A company or organization that offers a specific service to customers, often over a network. Services can range from internet access, cloud-based software applications, and data storage to digital security solutions. As part of their offerings, service providers are often responsible for the maintenance, security, and availability of the services they provide, with details typically laid out in service level agreements (SLAs). *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Service_provider).*
123
# Define: Shadow IT
Shadow IT refers to software, devices, or cloud services used within an organization without explicit approval or oversight from the IT or security departments. ## Footnote Employees may adopt productivity tools or cloud platforms for convenience, inadvertently circumventing official security controls. This can result in unpatched vulnerabilities, data silos, or compliance issues. Managing Shadow IT involves discovery tools, strict policies, and education about risks. By bridging communication gaps and offering legitimate alternatives, organizations can mitigate unauthorized technology usage while maintaining security standards and innovation. *For more information, view this lecture on [Data Protection](https://courses.thorteaches.com/courses/take/cissp/lessons/25649829-data-protection). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Shadow_IT).*
124
# Define: SRAM | (Static Random Access Memory)
Volatile memory using flip-flops that retains data with continuous power. ## Footnote SRAM is a type of volatile memory that uses bistable flip-flop circuits to store data. It is faster and more reliable than DRAM but more expensive, commonly used for cache memory where rapid data access is critical, provided that continuous power is maintained. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Static_random-access_memory).*
125
# Define: SSD | (Solid State Drive)
SSD is a non-volatile storage device that uses flash memory for fast data access. ## Footnote An SSD utilizes flash memory to store data persistently without moving parts. This results in faster read/write speeds, higher durability, and lower power consumption compared to traditional hard disk drives, making SSDs ideal for enhancing system performance in a range of computing devices. *For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Solid-state_drive).*
126
# Define: Storage Facility
A dedicated secure location for housing data, hardware, or other assets. ## Footnote A Storage Facility is a specialized area—such as a data center or warehouse—designed for the secure storage and management of physical or digital assets. Equipped with environmental controls, security measures, and backup systems, these facilities safeguard critical resources from theft, damage, or environmental hazards. They play a vital role in maintaining operational continuity and protecting valuable assets from a wide range of risks. *For more information, view this lecture on [Media Storage](https://courses.thorteaches.com/courses/take/cissp/lessons/20679148-media-storage). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Iron_Mountain_(company)).*
127
# Define: System Administrator | (SA)
A professional managing and maintaining computer systems to ensure their optimal operation. ## Footnote A professional responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user systems like servers. The SA ensures that system hardware, software, and related infrastructure are maintained effectively. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/System_administrator).*
128
# Define: System Assets
Components of a computer system that are valuable and require protection, such as hardware and software. ## Footnote The physical and logical components of a computer system that are valuable to an organization and require protection. System assets can include hardware, software, data, and networks. They are often identified and protected through the implementation of security policies and controls.
129
# Define: Tailoring
Customizing security measures to meet the unique needs and challenges of an organization. ## Footnote The process of customizing or adapting a security solution or standard to fit the specific needs and requirements of an organization. It is used in various industries, including information technology, healthcare, and finance, to ensure that security measures align with the unique risks and challenges faced by the organization. Examples include tailoring a security policy to address specific vulnerabilities in an organization's network or adapting a security standard to comply with industry regulations. *For more information, view this lecture on [Data Security Frameworks](https://courses.thorteaches.com/courses/take/cissp/lessons/18588532-data-security-frameworks).*
130
# Define: Tape Management System | (TMS)
A system managing the storage and retrieval of data on magnetic tape media, often used in backups. ## Footnote A software or hardware solution that manages the storage, organization, and retrieval of data on tape media. It is commonly used in large-scale data backup and recovery operations, where tapes are used as a long-term storage medium. Examples include tape libraries, tape robots, and tape cataloging systems. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Tape_management_system).*
131
# Define: Top Secret Clearance
Top Secret clearance is a high-level security authorization allowing individuals to view extremely sensitive government material that could severely jeopardize national security if exposed. ## Footnote Candidates undergo rigorous background checks, including financial, criminal, and personal reference investigations. Holders must follow strict information-handling procedures and limit sharing to those with a verified need-to-know. Violations can result in legal consequences and revocation. Top Secret clearance holders frequently work in intelligence, defense, or critical infrastructure roles, managing closely guarded, mission-critical data or operations. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_clearance).*
132
# Define: Unclassified
Unclassified refers to information or work not requiring any special security clearance, accessible to the general public without posing national security risks or sensitive exposures. ## Footnote Government agencies label documents unclassified when their disclosure won’t harm defense, intelligence, or foreign relations. Though not protected by secrecy laws, unclassified data can still be subject to privacy or operational restrictions. Proper labeling prevents overclassification, while secure handling ensures that sensitive details aren’t inadvertently mixed with fully open content. Clear processes maintain transparency and adherence to disclosure policies. *For more information, view this lecture on [Data Classification and Clearance](https://courses.thorteaches.com/courses/take/cissp/lessons/18588247-data-classification-and-clearance). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_clearance).*
133
# Define: USB Thumb Drives
USB thumb drives are portable flash storage devices used to transfer and store data, offering convenience but raising security and data leakage concerns. ## Footnote They’re small enough to lose easily and can carry malware across systems, bypassing network defenses. Organizations implement encryption, strict management policies, or device control software to prevent unauthorized usage. Physically securing or restricting USB ports also reduces insider threats. When used responsibly, USB drives offer efficient data portability; however, vigilance is crucial to avoid accidental breaches or infections. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/USB_flash_drive).*
134
# Define: Virtual Desktop Infrastructure | (VDI)
VDI hosts desktop environments on centralized servers, allowing users to access applications and data remotely without storing them locally, enhancing security and manageability.

## Footnote

Employees connect to a virtual machine that runs in the data center or cloud, isolating user sessions and simplifying updates. Sensitive information never leaves the server, reducing data leakage risks. VDI solutions often integrate multi-factor authentication and encryption. Resource scaling and centralized policy enforcement benefit large, distributed workforces. While VDI can lower hardware costs, reliable network performance remains vital for a smooth user experience.

*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Virtual_desktop_infrastructure).*
135
# Define: Volatile Data
Information that is lost when a computer is turned off, such as data stored in RAM, important for forensic analysis.

## Footnote

Information stored in memory that is lost when the computer is turned off or loses power. Volatile data includes information in a system's RAM and cache, which is crucial for forensic investigations as it contains temporary files and may hold evidence about running processes and system state.

*For more information, view this lecture on [Memory and Data Remanence](https://courses.thorteaches.com/courses/take/cissp/lessons/18588268-memory-and-data-remanence). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Volatile_memory).*
136
# Define: Wiping
Securely erasing data from storage devices to prevent recovery and protect sensitive information.

## Footnote

The process of securely deleting data from a storage device to prevent it from being recovered. Used in data disposal and data destruction to protect against data breaches. Examples include overwriting data with zeros or using a data eraser.

*For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Data_erasure).*
137
# Define: Write Once Read Many | (WORM)
A data storage type allowing data to be written once and read multiple times, used for preserving unalterable records.

## Footnote

A type of data storage that allows data to be written once but read multiple times. It is commonly used in industries such as finance and healthcare, where data must be retained for extended periods of time and remain unchanged. Examples of its use include storing financial records for compliance purposes or maintaining electronic medical records for patient care.

*For more information, view this lecture on [Backups](https://courses.thorteaches.com/courses/take/cissp/lessons/19180401-backups). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Write_once_read_many).*
138
# Define: Zero Fill
A data erasure method that overwrites storage with zeroes to prevent recovery of previously stored information.

## Footnote

A process of overwriting all data on a storage device with zeroes in order to permanently erase the data. It is used to securely delete sensitive data and prevent it from being recovered. Examples of zero fill include wiping a hard drive, formatting a USB drive, and using a secure erase utility.

*For more information, view this lecture on [Data Remanence and Destruction](https://courses.thorteaches.com/courses/take/cissp/lessons/18588465-data-remanence-and-destruction). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Disk_formatting).*