This is the content of Assets Security of CISSP®
This domain 2 is worth 10% of the grade to be achieved
Domain 2 of CISSP®
Content updated according to the new official programme for 2024
| N° | Description |
|---|---|
| 2.1 | Identify and classify Information and assets |
| 2.1.1 | Data Classification |
| 2.1.2 | Asset Classification |
| 2.2 | Establish information and asset handling requirements |
| 2.3 | Provision resources securely |
| 2.3.1 | Information and asset ownership |
| 2.3.2 | Asset inventory (eg, tangible, intangible) |
| 2.3.3 | Asset management |
| 2.4 | Manage data lifecycle |
| 2.4.1 | Data roles (ie, owners, controllers, custodians, processors, users/subjects) |
| 2.4.2 | Data collection |
| 2.4.3 | Data location |
| 2.4.4 | Data maintenance |
| 2.4.5 | Data retention |
| 2.4.6 | Data remanence |
| 2.4.7 | Data Destruction |
| 2.5 | Ensure appropriate asset retention (eg, End-of-Life (EOL), End-of-Support (EOS) |
| 2.6 | Determine Data security controls and compliance requirements |
| 2.6.1 | Data states (eg, in use, in transit, at rest) |
| 2.6.2 | Scoping and tailoring |
| 2.6.3 | Standards Selection |
| 2.6.4 | Data protection methods (eg,Digital Rights Management (DRM),Data Loss Prevention (DLP), Cloud Access Security Broker (CASB) |