Phase 2: Domain 2 — Asset Security (10%)
Timeline: Apr 12-18 (Week 2)
Smallest exam weight but covers data classification, handling, retention, and privacy — concepts that intersect with your HIPAA work at CHLA.
Key Concepts
Data Classification
- Government: Top Secret → Secret → Confidential → Unclassified
- Commercial: Confidential → Private → Sensitive → Public
- Data owner (executive), data custodian (IT), data processor (third party)
Data States
- Data at rest (encrypted storage — your age/gopass/Vault)
- Data in transit (encrypted channels — your EAP-TLS, Vault TLS)
- Data in use (memory protection, process isolation)
Data Lifecycle
- Create → Store → Use → Share → Archive → Destroy
- Retention policies: legal holds, regulatory requirements (HIPAA: 6 years)
- Destruction methods: degaussing, shredding, crypto-shredding, overwriting
Privacy
- PII (Personally Identifiable Information)
- PHI (Protected Health Information) — your CHLA daily reality
- Data minimization, purpose limitation, consent
- Privacy impact assessment (PIA)
- DPO (Data Protection Officer) — GDPR requirement
Handling Requirements
- Labeling, marking, handling procedures per classification
- Scoping and tailoring controls to data sensitivity
- Baseline security controls
Practice Questions
25 questions/day from Official Practice Tests — Domain 2 section.
| Check | Status |
|---|---|
| Read Study Guide Chapter 5 (Asset Security) | [ ] |
| Watch Destination Certification MindMap — Domain 2 | [ ] |
| Mapped CHLA PHI handling to Domain 2 concepts | [ ] |
| Data classification scheme understood | [ ] |
| Data lifecycle and destruction methods memorized | [ ] |
| 25+ practice questions completed (Domain 2) | [ ] |