This domain represents 10% of the exam and addresses the collection, classification, handling, and protection of information assets throughout the information lifecycle. Important concepts include data ownership, privacy, data security controls, and cryptography.