CISSP Exam Guide Notes: 2.8 Quick Tips

  • Information goes through a life cycle that starts with its acquisition and ends with its disposal.
  • Each phase of the information life cycle requires different considerations when assessing risks and selecting controls.
  • New information is prepared for use by adding metadata, including classification labels.
  • Ensuring the consistency of data must be a deliberate process in organizations that use data replication.
  • Data aggregation may lead to an increase in classification levels.
  • Cryptography can be an effective control at all phases of the information life cycle.
  • The data retention policy drives the timeframe at which information transitions from the archival phase to the disposal phase of its life cycle.
  • Information classification corresponds to the information’s value to the organization.
  • Each classification should have separate handling requirements and procedures pertaining to how that data is accessed, used, and destroyed.
  • Senior executives are ultimately responsible to the shareholders for the successes and failures of their corporations, including security issues.
  • The data owner is the manager in charge of a specific business unit and is ultimately responsible for the protection and use of a specific subset of information.
  • Data owners specify the classification of data, and data custodians implement and maintain controls to enforce the set classification levels.
  • The data retention policy must consider legal, regulatory, and operational requirements.
  • The data retention policy should address what data is to be retained, where, how, and for how long.

For the remaining content, see my WeChat official account debugeeker; the link is CISSP Exam Guide Notes: 2.8 Quick Tips
