Security School

Get started Bring yourself up to speed with our introductory content.

CISSP Domain 2: Asset security

In this Security School, learn the best uses for different data encryption methods, establish ownership of data and apply data security controls.


Journalists know that a well-written news story should answer these six questions: Who, what, when, where, why and how? As it turns out, they’re just as crucial for infosec pros to consider when protecting information assets. Who owns the data? What is the best way to encrypt it? When should you do a data audit? Where is the data located, onsite or in the cloud or both? Why is one type of data classified differently from another? How can you ensure confidentiality, integrity and availability are continually maintained? 

In this Security School, based on (ISC)² CISSP training material on Domain 2 of the exam, learn about various data encryption methods, the ins and outs of data ownership and best practices for securing enterprise data. In his tip and video, expert Adam Gordon discusses core principles of what the CISSP categorizes as Asset Security in Domain 2. Information asset protection requires a nuanced, thoughtful approach that takes all stakeholders and requirements into account, Gordon explains.

Once you've reviewed the parts of this Security School, take the quiz to see how much you have learned about data encryption methods and what it means to practice good data management.  

View our Security School Course Catalog to view more lessons.

CISSP® is a registered mark of (ISC)².

1Learning links-

Understanding data encryption methods, data ownership and more

You wouldn't secure the front door of your home with a bike lock and then give every neighbor a spare key. Similarly, securing data requires a careful approach that is tailored for the discrete needs of different stakeholders and use cases.


Identify and maintain ownership of data: A guide for CISSPs

CISSPs must lead the way in driving good data management, which begins with defining data ownership and access policies. Learn more in this video with infosec expert Adam Gordon. Continue Reading


How to use data encryption tools and techniques effectively

Data protection does not have a one-size-fits-all solution. Understand which encryption tools and methods best fit different scenarios. Continue Reading


CISSP Domain 2 quiz: Data security control, asset protection

Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz. Continue Reading

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.