TO APPLY AND ENFORCE effective asset security, you must concentrate on inventorying all sources of value, called assets. Assets can be tangible or intangible, existing in the form of information stores, databases, hardware, software, or entire networks.

In this domain, we cover significant elements of strategy to identify, categorize, secure, and monitor those assets throughout the information lifecycle. Although assets can also be buildings and real estate, those are not within the scope of this domain — physical security is substantially addressed in Chapter 7, “Security Operations.” This chapter will focus on the best policies, practices, and methods to properly assure the confidentiality, integrity, and availability ...