Domain 2 - Asset Security

Question 1

What is the purpose of classification?

Answer 1

To ensure that information/assets are marked in such a way that only those with an appropriate level of clearance can have access to them.

Question 2

What is categorization?

Answer 2

The process of determining the impact of the loss of confidentiality, integrity, or availability of the information/assets to an organization.

Question 3

Define Quality Control (QC)

Answer 3

Based on INTERNAL standards established to control and monitor quality

Question 4

Define Quality Assurance (QA)

Answer 4

Based on EXTERNAL standards and involves reviewing activities and processes to ensure final products meet standards of quality.

Question 5

What is a ‘data owner’?

Answer 5

MASTER of all

Understand the replacement cost of the info
Determine who has a need for the data
Identify when data needs to be destroyed

Question 6

What is a ‘data processer’?

Answer 6

MANAGER of all (on behalf of the data owner)

Ensure accessibility
Ensure ongoing integrity

Question 7

Clearing vs Purging data?

Answer 7

Clearing is the removal of sensitive info so that it can’t be reconstructed using NORMAL system functions or techniques

Purging is the removed of sensitive data with the intent that the data cannot be reconstructed by ANY KNOWN technique