# Domain 2 - Index

Domain 2 covers data and asset lifecycle governance: classification, ownership, handling, privacy, storage, retention, backup, media controls, cloud data protection, and techniques like masking/tokenization.

## Concepts

1. [[Data Lifecycle (Create-Store-Use-Share-Archive-Destroy)]]
2. [[Information and Asset Ownership]]
3. [[Data Classification Levels and Handling Rules]]
4. [[Data Labeling and Marking]]
5. [[Record Management and Data Retention]]
6. [[Data Minimization and Purpose Limitation]]
7. [[Data States: At Rest, In Transit, In Use]]
8. [[Data Residency and Sovereignty]]
9. [[Data Inventory and Asset Register]]
10. [[Asset Valuation and Criticality]]
11. [[Access Control to Data Assets]]
12. [[Data Encryption Overview (Asset Security)]]
13. [[Key Management Basics (Asset Security)]]
14. [[Data Masking and Redaction]]
15. [[Pseudonymization vs Anonymization]]
16. [[Tokenization]]
17. [[Digital Rights Management (DRM) and Watermarking]]
18. [[Data Loss Prevention (DLP)]]
19. [[Cloud Data Protection (SaaS, PaaS, IaaS)]]
20. [[CASB and SSPM CSPM Overview]]
21. [[Backups for Data Protection (Domain 2 view)]]
22. [[Data Archiving vs Backup]]
23. [[Media Management and Sanitization]]
24. [[Sanitization Methods: Overwrite, Degauss, Cryptographic Erase, Shred]]
25. [[Physical Protection of Media]]
26. [[Secure Data Disposal and Destruction Records]]
27. [[Data Handling in Third-Party Contexts]]
28. [[Shadow IT and Unsanctioned Data Stores]]
29. [[Endpoint Data Protections (FDE, EDR, Port Controls)]]
30. [[Printing and Hardcopy Data Controls]]
31. [[Data Quality and Integrity Controls]]
32. [[Hashing and Checksums for Data Integrity]]
33. [[Data Discovery and Classification Tools]]
34. [[Data Catalogs and Metadata Management]]
35. [[Data Lineage and Provenance]]
36. [[Master Data Management (MDM)]]
37. [[Database Security: Access Models (RBAC, ABAC, RLS)]]
38. [[Database Security: Encryption Options (TDE, Field-Level)]]
39. [[Data Warehouse and Data Lake Security]]
40. [[Big Data Platforms Security (Hadoop Spark Concepts)]]
41. [[Secrets Management (Vaults, KMS, Rotation)]]
42. [[API Keys and Application Secrets Handling]]
43. [[SaaS Admin Hygiene and Least Privilege]]
44. [[Tenant Isolation and Cross-Tenant Risks]]
45. [[BYOD and Mobile Data Protection (MDM MAM)]]
46. [[Removable Media and Portable Storage Policy]]
47. [[Email Security for Data Protection (SPF DKIM DMARC DLP)]]
48. [[Secure File Transfer (SFTP, FTPS, AS2)]]
49. [[Data Sharing and External Collaboration Controls]]
50. [[Object Storage Security (Buckets, Versioning, Immutability)]]
51. [[Ransomware Data Protections (Immutable Backups, Snapshots)]]
52. [[Logs and Telemetry as Sensitive Data]]
53. [[Secrets in CI CD and Infrastructure as Code]]
54. [[Data in Caches and Temporary Storage]]
55. [[Synthetic Data Generation for Testing]]
56. [[Data Fingerprinting and Watermarking (Datasets)]]
57. [[Data Breach Response (Asset-Focused)]]
58. [[Data Protection Impact Assessment (DPIA PIA)]]
59. [[Data Governance Committee and Stewardship]]

> Also see: [[MOC - CISSP]]