
CISSP Study Plan – Day 23 of 55 | Asset Security Fundamentals

Updated: Oct 5


"Not a lot of people I see can keep up with my pace of work – you’re coming real close to a professional’s sense of drive and discipline." – Luke Ahmed


Today is Day 23 of Yihenew’s CISSP study plan, focusing on Asset Security — a domain that underpins how information and resources are classified, handled, and protected throughout their lifecycle.


Key Areas Covered:

  • Asset Classification — information is labeled according to sensitivity: Public, Internal, Confidential, Secret, Top Secret (labels vary by organization).

  • Ownership — every information asset has an owner (responsible for classification) and custodians (responsible for implementing controls).

  • Handling & Protection — controls differ depending on classification: encryption, access restrictions, secure destruction.

  • Data Lifecycle — creation, storage, use, sharing, archiving, and destruction. Security must apply at each phase.

  • Marking & Labeling — physical and digital labeling ensures proper handling by employees and third parties.

  • Retention & Disposal — retention schedules balance regulatory compliance with minimizing risk exposure. Secure wiping, degaussing, and shredding ensure data is unrecoverable.

  • CISSP Exam Tie-In — questions test whether you can connect classification decisions to risk management, not just recite labels.


In this CISSP study plan session, Yihenew explored how classifying assets correctly upfront drives all downstream controls. If you get classification wrong, your security program is built on sand.


Quick CISSP Practice Question

Who is ultimately responsible for classifying organizational data?

A. Data Owner

B. Data Custodian

C. System Administrator

D. Security Manager


Correct Answer: A. Data Owner

Explanation:

  • Data Owners decide classification levels and are accountable for appropriate protection.

  • Custodians (often IT) implement the controls, but they don’t decide classification.

  • System Administrators and Security Managers support the process, but responsibility remains with the owner.


Think Like a Manager: CISSP wants you to link accountability to the role with authority over the data, not the person running backups or configuring servers. On the exam, the answer usually rests on who owns the business risk tied to that data.


Check out Yani's TikTok or see Day 22 or Day 24.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass the CISSP on the first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on the first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best Future CISSP. You can feel free to contact me anytime as well.


Thank you.

Luke Ahmed



 
 