A digital customer identity is the best example of an organizational asset in cyberspace because it exists, functions, and is protected within digital systems, networks, applications, and online services. ISO/IEC 27002 treats identities, authentication information, access rights, and digital accounts as critical security subjects because compromise of identity can enable unauthorized access, fraud, impersonation, privacy breaches, and loss of accountability. A digital customer identity can include usernames, identifiers, credentials, account attributes, authentication factors, access permissions, profile data, and linked personal information. Medical data and intellectual property are also important information assets, but the phrase “asset in cyberspace” points most directly to a digitally represented identity used for electronic interaction. ISO/IEC 27002 contains several controls that protect this asset type, including identity management, authentication information, access rights, secure authentication, and access restriction. These controls ensure that identities are created, maintained, verified, modified, disabled, and removed in a controlled manner. The exam logic therefore favors option B because cyberspace emphasizes digital identity and online representation. References/Chapters: ISO/IEC 27002:2022, Control 5.16 Identity management; Control 5.17 Authentication information; Control 5.18 Access rights; Control 8.5 Secure authentication.
==========
Submit