# Data Classification and Handling

Backlink: [[Domain 1 - Index]]

**Definition:** Labeling information by sensitivity and defining handling rules across its lifecycle.

## Key Facts

- Typical tiers: Public, Internal, Confidential, Restricted (names vary).
- Roles: data owner defines classification; custodians implement controls.
- Handling: labeling, access control, encryption, transmission, storage, disposal.
- Lifecycle: create → store → use → share → archive → destroy.
- Align with legal/regulatory; minimize data collected/retained.
- **Verify:** check official (ISC)² CBK and current exam outline.

>[!tip] **Exam Relevance**
> - Match controls (e.g., encryption) to classification levels
> - Role responsibility questions (owner vs. custodian)

>[!note] **Mnemonic**
> - “Classify to Control.”

### Example

Q: Who approves downgrading classification?

A: Data owner.

## Revision Checklist

- [ ] List 4 classification levels
- [ ] Map 2 controls to each
- [ ] Name owner vs. custodian duties
- [ ] Recall lifecycle stages

## Related

[[Asset Valuation]] · [[Data Owners, Controllers, and Processors]] · [[Privacy Principles and Regulations]] · [[Data Retention and Destruction]] · [[Security Control Types]]

#cisSP #domain-1 #concept