CISSP: Asset Security

(Protecting the Security of Assets)

This domain deals with the:

  • collection
  • handling
  • protection

of information throughout its lifecycle. This starts with understanding the classification of the asset, which is the basis for controls.

Several roles will be discussed with regard to ownership as it relates to:

  • information
  • systems
  • business process

Over the last several years, the collection and storage of digitized personal information have resulted in increased privacy considerations.

Concepts to be explored include:

  • data owners
  • data processors
  • data remanence
  • data limitations
  • data collection
  • data storage
  • data retention

This domain now explores:

  • baselines
  • scoping
  • tailoring
  • standards selection
  • cryptography
  • data storage
  • data labeling
  • data destruction


Do NOT attempt the exam until you thoroughly understand the following CIB/CBK topics.

  • Classify Information and Supporting Assets
  • Determine and Maintain Ownership
  • Protect Privacy
  • Ensure Appropriate Retention
  • Determine Data Security Controls
  • Establish Handling Requirements
