Domain 2 · 10% of Exam
Asset Security
Domain 2 covers how to classify, handle, and protect information assets throughout their lifecycle. Critical for understanding data governance and privacy compliance.
5 Lessons
~10–12 Exam Questions
Decree 13/2023 · DPA 2012 · PCI-DSS
01
Data Classification & Asset Inventory
Classification levels
CMDB
Govt vs Commercial
02
Data Ownership Roles
Owner vs Custodian
Data Processor
DPA agreement
03
Data Lifecycle & Data States
At Rest / In Transit / In Use
Data minimization
Lifecycle stages
04
Destruction, Retention & Legal Hold
NIST SP 800-88
Spoliation
Cryptographic erasure
05
Privacy Controls, DLP & Compliance
Privacy by Design
Anonymization vs Pseudonymization
DLP / DRM
Study Tip — Domain 2 Exam Strategy
Domain 2 is concept-heavy, not technically complex. Focus on: (1) the Owner vs Custodian distinction — the single most-tested concept; (2) classification drives controls — every control decision traces back to classification; (3) SSD destruction — overwriting is unreliable, so use cryptographic erasure; (4) legal hold overrides everything — you cannot delete data once a hold is issued. For the FinTech Company X context: map every concept to Platform C/Platform B/Partner C and your regulatory obligations under Decree 13/2023 and DPA 2012.