# Data Encryption Overview (Asset Security)

One-sentence definition: Applying cryptography to protect confidentiality (and integrity) across data states.

## Key Facts

- At rest: FDE, database/table/field encryption, object storage SSE/CSE.
- In transit: TLS, IPsec, mTLS; cert lifecycle matters.
- In use: TEEs/secure enclaves and application-level controls.
- Choose scope: platform vs application encryption; key separation.
- Performance and usability trade-offs; cache considerations.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Pick encryption placement to meet requirements.

**Mnemonic:** “Encrypt early, keep keys safe.”

## Mini Scenario

Q: Multi-tenant SaaS needs tenant isolation—what helps?

A: Per-tenant keys with strong KMS segregation.

## Revision Checklist

- Name encryption options per state.
- Explain platform vs app encryption trade-off.
- List one tenancy isolation control.

## Related

[[Key Management Basics (Asset Security)]] · [[Cloud Data Protection (SaaS, PaaS, IaaS)]] · [[Tokenization]] · [[Pseudonymization vs Anonymization]] · [[Data States: At Rest, In Transit, In Use]] · [[Domain 2 - Index]]