Asset Security
6 lessons ~3h
Protecting data and assets across their full lifecycle. Classification drives every downstream control, so be precise about data roles (owner, controller, custodian, processor, subject), states (at rest, in transit, in use), retention, remanence, and destruction.
Lessons
- 2.1 Identify and classify information and assets (~25 min)
  Classification labels data by sensitivity/criticality to assign protection. Know government (Top Secret/Secret/Confidential/Unclassified) and commercial (Confidential/Private/Sensitive/Public) schemes.
- 2.2 Establish information and asset handling requirements (~20 min)
  Handling rules — marking, labeling, storage, and transport — must match the classification level throughout the lifecycle.
- 2.3 Provision information and assets securely (~20 min)
  Know who owns what and track it. Maintain an asset inventory (tangible and intangible) and apply lifecycle asset management.
- 2.4 Manage data lifecycle (~40 min)
  The most testable Domain 2 lesson. Memorize the data roles and their duties, and the lifecycle stages — collection, location, maintenance, retention, remanence, destruction.
- 2.5 Ensure appropriate asset retention (~15 min)
  Retain assets and data only as long as required by policy/law. Watch End-of-Life (EOL) and End-of-Support (EOS), which create unpatchable risk.
- 2.6 Determine data security controls and compliance requirements (~30 min)
  Pick controls per data state, then scope and tailor a baseline/standard to fit. Know protection methods: DRM, DLP, and CASB.