CISSP Domain 2: Asset security

Last updated:August 2017

Security School

Browse Sections

Editor's note

Journalists know that a well-written news story should answer these six questions: Who, what, when, where, why and how? As it turns out, they’re just as crucial for infosec pros to consider when protecting information assets. Who owns the data? What is the best way to encrypt it? When should you do a data audit? Where is the data located, onsite or in the cloud or both? Why is one type of data classified differently from another? How can you ensure confidentiality, integrity and availability are continually maintained? 

In this Security School, based on (ISC)² CISSP training material on Domain 2 of the exam, learn about various data encryption methods, the ins and outs of data ownership and best practices for securing enterprise data. In his tip and video, expert Adam Gordon discusses core principles of what the CISSP categorizes as Asset Security in Domain 2. Information asset protection requires a nuanced, thoughtful approach that takes all stakeholders and requirements into account, Gordon explains.

Once you've reviewed the parts of this Security School, take the quiz to see how much you have learned about data encryption methods and what it means to practice good data management.  

View our Security School Course Catalog to view more lessons.

CISSP® is a registered mark of (ISC)².

1Understanding data encryption methods, data ownership and more

You wouldn't secure the front door of your home with a bike lock and then give every neighbor a spare key. Similarly, securing data requires a careful approach that is tailored for the discrete needs of different stakeholders and use cases.

Enterprise Desktop
Cloud Computing