CISSP Asset Security Domain | CISSP Domain 2: Asset Security | CISSP Training | Simplilearn

This presentation will talk about the second domain of CISSP, which is Asset Security. We will understand the need for Asset Security, what Asset Security is, and the various fields in Asset Security, which include Information Classification, Data Classification, Data Lifecycle, Data Remanence, and Data Loss Prevention. We will also understand the term Privacy with respect to Asset Security. CISSP is one of the toughest certifications in the field of cybersecurity. Asset Security is the domain of cybersecurity which deals with the collection and protection of assets such as data and devices. This video will help you understand all about Asset Security.

The following topics are explained in this CISSP Asset Security presentation:
1. What is CISSP?
2. Why Asset Security
3. What is Asset Security?
4. Asset Security domains

The Certified Information Systems Security Professional (CISSP) is a globally recognized certification for information technology security professionals. Aligned with (ISC)² CBK 2018, our CISSP training covers all areas of IT security so you can become a strong information security professional.

CISSP Certification Course Overview:
The CISSP certification training develops your expertise in defining the IT architecture and in designing, building, and maintaining a secure business environment using globally approved information security standards. The course covers industry best practices and prepares you for the CISSP certification exam held by (ISC)².

CISSP Training Key Features:
- 67 hours of in-depth learning
- 5 simulation test papers to prepare you for CISSP certification
- Offers the requisite 30 CPEs for taking the CISSP examination

Eligibility:
The CISSP certification is the most globally recognized professional requirement in the IT Security domain. This CISSP training is best suited for those at the intermediate level of their career, including security consultants/managers, IT directors/managers, security auditors/architects, security system engineers, CIOs, and network architects.

Pre-requisites:
To obtain your CISSP certification, you must have a minimum of five years of full-time professional work experience in two or more of the 8 domains of the CISSP – (ISC)² CBK 2018. A qualified individual with less than five years of experience will receive the (ISC)² associate title.

Learn more at https://www.simplilearn.com/cyber-security/cissp-certification-training

Simplilearn

Presentation Transcript


  1. What’s in it for you? • What is CISSP? • Why Asset Security? • What is Asset Security? • Asset Security domains

  2. What is CISSP?

  4. What is CISSP? The Certified Information Systems Security Professional (CISSP) certification is an advanced-level cyber security certification; it trains a candidate to become an information assurance professional. This is one of the toughest cyber security certifications.

  5. What is CISSP? The CISSP Certification has a total of 8 domains:

  6. What is CISSP? The CISSP Certification has a total of 8 domains: • Security and Risk Management • Asset Security • Security Engineering • Security Operations • Communications and Network Security • Security Assessment and Testing • Software Development Security • Identity and Access Management

  7. What is CISSP? Now, we will learn more about the second domain, that is, Asset Security

  8. Why Asset Security? It was yet another normal day in Tim’s organization

  9. Why Asset Security? Until a hacker decided to attack the servers in his organization

  10. Why Asset Security? The hacker could access only some of the information which had less protection

  11. Why Asset Security? However, this had a huge impact on the organization. Later it was discovered that there was a flaw in the information classification process which left even sensitive data with very little security

  12. Why Asset Security? This gave rise to Asset Security

  13. What is Asset Security? Asset Security deals with the collection and protection of assets such as data and devices

  14. What is Asset Security? Asset Security comprises the following domains: 1. Information Classification 2. Data Classification 3. Data Lifecycle 4. Data Remanence 5. Data Loss Prevention

  15. What is Asset Security? Let’s have a look at each of these domains under Asset Security

  16. Information Classification

  17. 1. Information Classification Not all data has the same value to an organization. Some data is more crucial compared to the rest. Hence it is important to classify all the available data

  18. 1. Information Classification Information Classification is the process of segregating data based on its importance to provide an adequate level of protection to every piece of data

  19. 1. Information Classification Information Classification varies from sector to sector based on their objectives:

  20. 1. Information Classification General: Here, it is used to minimize risks on crucial information

  21. 1. Information Classification Government/Military sector: Here, it is used to prevent unauthorized access

  22. 1. Information Classification Commercial sector: Here, it is used to keep sensitive information private

  23. Data Classification

  24. 2. Data Classification A few of the considerations taken into account while classifying data are as follows:

  25. 2. Data Classification A few of the considerations taken into account while classifying data are as follows: • Data retention requirements • Compliance requirements • Data encryption requirements • Data security requirements • Data disposal methods

  26. 2. Data Classification The data owner is responsible for data classification and takes care of the following:

  27. 2. Data Classification The data owner analyzes the use and value of the available data to the company

  28. 2. Data Classification The data owner also annually reviews the data classification

  29. 2. Data Classification Let us now have a look at the data lifecycle and start from the data creation step

  30. Data Lifecycle

  31. 3. Data Lifecycle Create, Store, Use, Share, Archive, Destroy

  32. 3. Data Lifecycle Create: In the create phase, new data is generated, or the existing data is updated

  33. 3. Data Lifecycle Store: After creation of data, data repositories are used to store this data

  34. 3. Data Lifecycle Use: In this phase, data is viewed, processed, or used in some application

  35. 3. Data Lifecycle Share: Data is then shared between users and customers

  36. 3. Data Lifecycle Archive: Inactive data is identified and moved into long-term storage systems

  37. 3. Data Lifecycle Destroy: Data is destroyed either digitally or physically. This should be done based on regulations

  38. 3. Data Lifecycle But what happens if the data is not destroyed even after we try to erase it?

  39. 3. Data Lifecycle This gives rise to data remanence

  40. Data Remanence

  41. 4. Data Remanence Data remanence is the residual digital data which remains even after an attempt to erase that data

  42. 4. Data Remanence Security professionals should be well versed in techniques to avoid Data Remanence

  43. 4. Data Remanence Shown below are the methods used to tackle data remanence: 1. Purging 2. Clearing 3. Overwriting 4. Degaussing 5. Storing 6. Destruction

  44. 4. Data Remanence Purging: Purging is used to minimize risks on crucial information

  45. 4. Data Remanence Clearing: Data is removed from the storage device, but it can be reconstructed by using special software

  46. 4. Data Remanence Overwriting: It involves overwriting data several times so that the original data cannot be recovered

  47. 4. Data Remanence Degaussing: This method is used to destroy data on magnetic storage tapes

  48. 4. Data Remanence Storing: Here, data is stored on media. Prior to the storage, the data is encrypted for safety

  49. 4. Data Remanence Destruction: Data in the storage device is physically damaged to make recovery difficult
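
Added example (not part of the original presentation): a small Python model of the data remanence described in slides 41 to 46. `ToyVolume`, its block size and the sample record are constructed for illustration; the model shows that an ordinary delete removes only the file-table entry, so a raw scan still finds the bytes until they are overwritten.

```python
import os

BLOCK = 16  # toy block size in bytes (constructed for this demo)

class ToyVolume:
    """Hypothetical in-memory stand-in for a storage device and its file table."""

    def __init__(self, blocks=8):
        self.raw = bytearray(blocks * BLOCK)  # the media itself
        self.table = {}                       # name -> (start_block, length)
        self.next_free = 0

    def write(self, name, data):
        start = self.next_free
        self.raw[start * BLOCK:start * BLOCK + len(data)] = data
        self.table[name] = (start, len(data))
        self.next_free += -(-len(data) // BLOCK)  # blocks used, rounded up

    def delete(self, name):
        """Ordinary delete: drop the table entry, leave the bytes on the media."""
        return self.table.pop(name)

    def overwrite(self, extent, passes=3):
        """Overwrite every block of an extent several times, ending with zeros."""
        start, length = extent
        lo = start * BLOCK
        hi = lo + -(-length // BLOCK) * BLOCK
        for _ in range(passes):
            self.raw[lo:hi] = os.urandom(hi - lo)
        self.raw[lo:hi] = bytes(hi - lo)

    def raw_scan(self, needle):
        """What recovery software does: ignore the table, search the raw media."""
        return needle in self.raw

def demo():
    secret = b"CONFIDENTIAL: payroll 2024"  # constructed sample record
    vol = ToyVolume()
    vol.write("payroll.txt", secret)
    extent = vol.delete("payroll.txt")
    listed = "payroll.txt" in vol.table      # False: the file looks gone
    after_delete = vol.raw_scan(secret)      # True: remanence
    vol.overwrite(extent)
    after_overwrite = vol.raw_scan(secret)   # False: nothing left to find
    return listed, after_delete, after_overwrite

if __name__ == "__main__":
    print(demo())
```

On flash media with wear levelling, an in-place overwrite is not guaranteed to reach every physical copy of the data, so the model applies most directly to magnetic media.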