Table of Contents

• Key Terms & Definitions
• Key Areas
• Asset Security Mindmap
• Domain 02_Practice Tests
• Domain 02: Flashcard
• Resources
• Credits & Disclaimer
• Contribution
• Related Mindmaps

CISSP Mindmap – Domain 02: Asset Security

A comprehensive CISSP Mindmap Series will include all 8 Domains. This collection is designed to equip prospective CISSP professionals with essential resources for exam preparation, training and reference.

• Asset Classification: Asset classification involves protecting them according to their value to the company. The owners of a company’s assets know their value best and should protect them.
• Classification: Classification arranges values in a hierarchical fashion. The most valuable classes to an organization are confidential, followed by proprietary, while the least valuable classes are public. Classes are selected by various organizations according to their requirements. Organizations utilize several classification schemes, therefore it’s not a good idea to commit any one to memory.
• Security Label: Security Labels are used to correlate security attributes with an information object’s data structure. Labels are read by the system to determine data classification and protection.
• Security Marking: Security marking is similar to security label, Method for assigning security properties to objects in a human-readable format. Labels are read to comprehend data classification and protection.
• Data Owner / Controller: The data owner, or data controller, is the most important role because they protect the data. The owner will define the categorization for data and the owner is then accountable for ensuring the data is safeguarded correctly.
• Data Custodian: Data custodians manage data technically. Custodians ensure data security, availability, capacity, backups, and restoration. They handle data technicalities.
• Crypto shredding: Crypto shredding involves encrypting data with an effective algorithm like AES 256 and destroying every duplicate of the encryption key. Crypto shredded and unrecoverable data is achieved by destroying the encryption key. Shredding crypto is between purging and clearing. The data cannot be recovered if the key is never recovered, brute forced, or the algorithm is not flawed. It was cleaned up. If any of those are true, the data may be recovered and was cleared.
• Digital Rights Management: Digital Rights Management (DRM) protects digital media copyright holders. DRM methods encrypt films, music files, eBooks, etc., allowing control over who may play them, how often, on what device, and whether they can be printed. Copyright holders can create and enforce usage rules with DRM technologies.
• Data Loss Prevention: Data Loss Prevention (DLP) solutions protect sensitive data against loss, abuse, and unauthorized access. Companies can identify, monitor, and secure data in use, motion, and rest using DLP systems. Data classification is essential for DLP systems. DLP systems can’t prevent all data from leaking or being exploited, thus organizations need data classification to identify sensitive data.
• Mantrap: Preventive 2-door physical control. Each door requires separate form of authentication
• Bollard: A post designed to stop a car, typically in front of building entrances
• Smart Card: Physical access control device with integrated circuit
• Tailgating: Following an authorized person into a building without providing credentials
• Object Rescue: The act of recovering information from previously used objects (files, tapes, etc.)
• Deleting: Removes the entry from the FAT and marks the blocks unallocated (data remains)
• Formatting: Destroys the FAT and creates new one (data remains)
• Overwriting: Writes over every character of a file or disk (more secure)
• Shredding/Wiping: Overwrites file data before removing the FAT entry
• Degaussing: Destroys the integrity of magnetic media through using a strong magnetic field
• Destruction: Physically damages the media itself (incinerating, pulverizing, acid bath, etc.)

• Information and Asset Classification
• Ownership and Control of Assets
• Privacy Protection
• Data Security Controls
• Handling and Retention Policies
• Physical Security
• Asset Management
• Information and Asset Ownership

• CISSP Practice Set_01: Asset Security

• CISSP Flashcard_01: Asset Security

• (ISC)2 CISSP Official Study Guide (OSG) 9th Edition by Mike Chapple, James Michael Stewart, and Darril Gibson
  • Chapter 05, Pg179-218
• CISSP All-in-One Exam Guide, Ninth Edition by Fernando Maymi and Shon Harris
  • Part II, Pg213-253
• Eleventh Hour CISSP® Study Guide, Third Edition by Eric Conrad, Seth Misenar, Joshua Feldma
  • Domain-02, Pg33-46
• Destination Certification – A Concise Guide by Rob Witcher, John Berti, Lou Hablas, Nick Mitropoulos
  • Domain-02, Pg71-96

• The Official (ISC)2 CISSP CBK Reference, 6th Edition by Arthur Deane and Aaron Kraus

  • Domain-02, Pg97-144

• (ISC)2 CISSP Official Practice Tests by Mike Chapple and David Seidl
• How to Think Like a Manager for the CISSP Exam by Luke Ahmed
• Boson Practice Exam
• Study Notes and Theory (SNT) by Luke Ahmed

• Mike Chapple’s CISSP Cert Prep on LinkedIn Learning.
• Kelly Handerhan’s CISSP Prep Course on Cybrary
• Destination CISSP Mindmap Video
• Pete Zerger’s CISSP Exam Cram 
• Prabh’s Coffee Shots
• Luke Ahmed’s Study Notes and Theory (SNT) 

We express our gratitude to the below-mentioned authors, creators, and sources which have been referred for the creation of our Interactive CISSP Mindmap – Mike Chapple and David Seidl (OSG), Luke Ahmed (SNT), Pete Zerger (Exam Cram), Prashant Mohan (Memory Palace) , Prabh (Coffee shots), Rob Witcher (destcert.com/)  and M. Waleed Khaliq (CISSP Concepts Guide).This Mindmap has been meticulously created to ensure that information is shared effectively. This Mindmap aims to offer a thorough grasp of essential concepts with a dedication to assist enhanced learning experiences. We hope that this resource helps people absorb information more thoroughly, which will lead to a broader understanding of each CISSP domains and is freely available for all.

We have already included some reference images and short notes for most of the topics so that users can more effectively refer to the content in the mindmap. If you have any information, images, or notes that can make the mindmap more effective, please feel free to share them.

https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/tree/main/CISSP_Domain_02

For issues and concern please feel free to raise a issue in Github link https://github.com/sajinshivdas/CISSP_Interactive_Mindmap/issues

Connect with me www.linkedin.com/in/sajin-shivdas