Skip to content

Notes & Writeups

Domain 2 Asset Security 10%

Domain 2 Asset Security 10%

2.1 Identify and classify information and assets

Chapter 5

Data classification
Asset classification

2.2 Establish information and asset handling requirements

Chapter 5

2.3 Provision information and assets securely

Chapter 16

Information and asset ownership
Asset inventory (e.g., tangible, intangible)
Asset management

2.4 Manage data lifecycle

Chapter 5

Data roles (i.e., owners, controllers, custodians, processors, users/subjects)
Data collection
Data location
Data maintenance
Data retention
Data remanence
Data destruction

2.5 Ensure appropriate asset retention (e.g., End of Life (EOL), End of Support)

Chapter 5

2.6 Determine data security controls and compliance requirements

Chapter 5

Data states (e.g., in use, in transit, at rest)
Scoping and tailoring
Standards selection
Data protection methods (e.g., Digital Rights Management (DRM), data loss prevention (DLP), cloud access security broker (CASB))