Asset Security (Protecting Security of Assets) Information and asset classification Ownership (e.g. data owners, system owners) Protect privacy Appropriate retention Data security controls Handling requirements (e.g. markings, labels, storage)
