# Key Management Basics (Asset Security)

One-sentence definition: Governance and operations for cryptographic keys: generation, storage, rotation, distribution, use, and destruction.

## Key Facts

- Use HSM/KMS; protect keys at rest/in use; limit export.
- Separation of duties; dual control for key material.
- Rotation on schedule and on compromise; version tracking.
- Strong entropy, approved algorithms, and secure backups of roots.
- Lifecycle documentation and access logging for audits.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Identify weakest link in a key lifecycle scenario.

**Mnemonic:** “G-S-R-D-U-D” → Generate, Store, Rotate, Distribute, Use, Destroy.

## Mini Scenario

Q: DB encryption keys stored in code repo—risk/fix?

A: Key exposure; move to KMS/HSM and rotate.

## Revision Checklist

- List 4 KMS controls.
- Define dual control vs split knowledge.
- Trigger events for rotation.

## Related

[[Data Encryption Overview (Asset Security)]] · [[Tokenization]] · [[Cloud Data Protection (SaaS, PaaS, IaaS)]] · [[Data Loss Prevention (DLP)]] · [[Sanitization Methods: Overwrite, Degauss, Cryptographic Erase, Shred]] · [[Domain 2 - Index]]