Session 7: Data Lifecycle & Asset Retention

Ready to ace the CISSP exam? Join our study group and get the ultimate guide to the Certified Information Systems Security Professional (CISSP) certification!

Session 7 continues Domain 2: Asset Security. We will cover the following exam objectives:
2.3 Provision information and assets securely
2.4 Manage data lifecycle
2.5 Ensure appropriate asset retention (e.g., End of Life (EOL), End of Support)

More information & join Discord: https://cissp.brittwhite.io

A huge thank you to Rotas Security for supporting this study group. Check them out at https://rotassecurity.com/ for your offensive security needs.

CISSP Resource Links:
Exam Outline: https://www.isc2.org/certifications/c...

Chapters:
02:00 CISSP Study Group
02:40 Data Lifecycle & Asset Retention
03:20 Domain Two: Asset Security
03:50 Exam Objective 2.3
03:55 Secure Provisioning Defined
04:20 Allocating Assets Securely
04:50 Importance Of Ownership
05:05 Role Of Data Owner
05:35 Asset Classification Boards
06:10 Factors For Classification
07:05 Essential Asset Inventory
07:25 Tangible Asset Examples
07:45 Intangible Asset Examples
08:15 Effective Asset Management
08:35 Configuration Management System
08:55 Software Licensing Management
09:15 Applying Access Control
10:10 Software License Audit
10:50 Secure Provisioning Recap
11:20 Exam Objective 2.4
11:35 Six Key Lifecycle Stages
12:00 Key Data Management Roles
12:15 Data Owner Responsibilities
12:25 Role Of Data Controller
12:55 Role Of Data Processor
13:15 Role Of Data Custodian
13:30 Role Of Data Steward
13:50 Role Of Data Subjects
14:25 Data Lifecycle: Creation
14:45 Data Lifecycle: Storage
15:00 Data Lifecycle: Use
15:15 Data Lifecycle: Sharing
15:35 Data Lifecycle: Archiving
15:55 Data Lifecycle: Destruction
16:10 Understanding Data Remanence
17:30 Data Sanitization Methods
17:35 Destruction Of Media
17:55 Data Purging Techniques
18:10 Data Clearing Methods
18:25 NIST SP 800-88
18:35 Effectiveness Hierarchy
19:50 Least Effective: Format
20:15 Modern Data Destruction
20:40 Cloud Storage Challenges
20:55 Mobile Device Complexities
21:10 IoT Device Limitations
21:35 Explaining Object Reuse
22:15 Data Overwriting For Reuse
22:40 Solid State Drive Issues
23:20 SSD Secure Erase Tools
23:45 Cloud Data Crypto Shredding
24:25 Data Lifecycle Management
25:10 Exam Objective 2.5
25:15 Ensuring Asset Retention
25:45 Hardware/Software Obsolescence
25:50 End Of Life (EOL)
26:15 End Of Support (EOS)
26:45 EOL Versus EOS Security
27:00 Importance Of Retention
27:20 Challenges Of Legacy Systems
27:45 Regulatory Audit Impact
28:15 Why Data Retention Matters
28:25 Legal, Regulatory Needs
28:45 Business Operations Impact
29:05 Preparing For Audits
29:25 Disaster Recovery Aspect
29:45 Supporting Legal Defense
30:05 Effective Retention Policies
30:20 Data Archiving Focus
30:40 Digital Preservation Issues
30:55 Key Archiving Requirements
31:10 Storage Media And Security
31:20 Data Availability Needs
31:25 Retention Period Compliance
31:30 Cost Management
31:35 Data Format Considerations
31:40 Backup And Redundancy
31:50 Geographic Distribution
31:55 Access Control Measures
32:00 Integrity Testing
32:10 Archiving Policy Context
32:35 Key Archiving Policy Questions
33:35 Comprehensive Retention Plan
34:15 Review Of Key Points
35:25 Upcoming Topics & Discord
36:45 Next Session Information