Domain 2: Asset Security

Practice questions covering asset classification, data handling, privacy, and more.

Question 1 of 10

Easy

Progress: 0%

Which of the following BEST describes the primary purpose of data classification?

To comply with regulatory requirements

To define appropriate levels of protection based on sensitivity

To determine who owns the data

To establish technical security controls

Quick Tips: Asset Security

Data Classification Levels: Typically include Public, Internal/Private, Confidential, and Restricted/Top Secret, with increasing security controls for higher levels.

Data Roles: Data Owner (accountable executive), Data Custodian (implements controls), Data Steward (ensures quality), and Data User (consumes data).

Data Lifecycle: Creation, Processing, Storage, Use, Sharing, Archiving, and Destruction. Security controls must address each phase.

Key Privacy Principles: Notice, Consent, Purpose Limitation, Data Minimization, Accuracy, Storage Limitation, Integrity/Confidentiality, and Accountability.