Domain 2 (Asset Security) Flashcards
What does a Steering Committee do?
Define risks, objectives and approaches.
What do Auditors do?
Evaluate business processes and controls. Auditors must be independent of the functions they audit, so they report to a level outside those functions (an audit committee or executive management) or are an external third party.
What does the Data Owner do?
Classifies the data, decides who may access it, and is accountable for its protection.
What does the Data Custodian do?
Day-to-day maintenance of the data on behalf of the owner: backups, restores, applying the controls the classification requires.
What does the Network Admin do?
Ensures availability of network resources
What does the Security Administrator do?
Responsible for security-related tasks: implementing and maintaining security controls, managing accounts and permissions, reviewing logs.
Why should the Network Admin and Security Admin not be the same person?
Separation of duties. The roles have different focuses (availability vs confidentiality), and one person holding both could weaken or bypass security controls without anyone noticing.
What are the responsibilities of the ISO?
Scope is broader than just IT: recommends policies, standards and procedures and tracks applicable regulations. Reports to executive management. The ISO advises and collects information; decisions and enforcement belong to the business owners, so the ISO does not act on its own.
Who determines the classification of data?
Data Owner
What is the purpose of data classification?
To determine what controls should be put in place
What is the difference between sensitivity and criticality?
Sensitivity is about the harm caused if the data is disclosed (confidentiality, privacy). Criticality is about how essential the data is to operations and how quickly it must be available again after a loss (availability, time sensitivity).
What are the three states of data?
At rest (on storage), in use (being processed in memory) and in transit (crossing a network).
How do you protect data at rest?
Encryption: full-disk or file-level (e.g. EFS on Windows), with the encryption keys protected by a TPM rather than stored on the same disk.
How do you protect data in transit?
Encrypted channels: IPsec at the network layer, TLS for application traffic (SSL is the deprecated predecessor of TLS).
What is TPM?
A chip on the motherboard that securely stores cryptographic keys and boot measurements. It does not encrypt the drive itself; disk-encryption software (e.g. BitLocker) uses it to protect and release the volume key only when the boot state matches.
What do Data Controllers do?
Determine why and how personal data is collected and processed. Example: the HR department.
What do Data Processors do?
Process data on behalf of and on the instructions of a data controller. Example: an outsourced payroll company.
What is Data Remanence?
Residual data that remains on storage media after it has been deleted or formatted (as it relates to data destruction). It is why media must be sanitized (cleared, purged or physically destroyed) rather than simply erased before reuse or disposal.
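A worked illustration of the "clear" end of sanitization, added here and not part of the original flashcards: a plain delete only removes the directory entry, so this helper overwrites the file's blocks and syncs before unlinking. The file name, contents and function names are constructed for the example. The caveat in the docstring is the point a practitioner needs: on SSDs, copy-on-write or journaling file systems and snapshots the original blocks can survive, so media-level purge (crypto-erase, sanitize commands) or destruction is the authoritative control.

```python
import os
import tempfile


def overwrite_and_unlink(path: str, passes: int = 1, chunk: int = 1 << 16) -> int:
    """Overwrite a file's contents in place, sync, then unlink it.

    Returns the total number of bytes written across all passes.
    Caveat: this clears the logical file only. Wear levelling (SSDs),
    copy-on-write/journaling file systems and snapshots may keep the
    original blocks, so remanence on such media needs purge/destruction.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))  # random data, not zeros
                written += n
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force the overwrite to reach the media
        f.truncate(0)  # remove even the original length
        f.flush()
        os.fsync(f.fileno())
    os.unlink(path)
    return written


def demo() -> dict:
    """Constructed sample: a temp file holding a fake secret, then cleared."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"SECRET: payroll export 2024")  # 27 bytes, constructed
    size = os.path.getsize(path)
    written = overwrite_and_unlink(path, passes=3)
    return {"size": size, "written": written, "exists": os.path.exists(path)}


if __name__ == "__main__":
    print(demo())
```

Run it as-is; it creates and destroys its own temporary file. The number of passes matters far less than the media type: a single pass is adequate for magnetic disks, while no number of passes is reliable on flash, which is why the card pairs remanence with destruction rather than deletion.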
What is the fastest memory available in a computer?
Cache Memory
What is Scoping (as it relates to standards)?
Process of determining which portions of a standard apply to an organization (controls that do not apply to its environment are left out).
What is Tailoring (as it relates to standards)?
Process of customizing the controls that do apply so they fit the organization (adjusting parameters, adding compensating controls).