In Domain #2, we discuss Asset Security, and following on Domain #1, recall that Data (or Information) is an organization’s key asset, and that the asset may exist in various forms – not just paper, but those digital assets. Also recall that there are several factors that should be included when determining the true cost or value of the asset to the organization.
How would Data Classification and Data Retention policy help an organization protect the privacy of the customers, as well as maintain the security of the organization’s information?