Tokenization replaces sensitive data with a randomly generated placeholder called a token. The token has no mathematical relationship to the original data (it is not derived from it by any key or function), so a stolen token on its own is worthless to an attacker. A secured token vault holds the only mapping between tokens and original values, and detokenization is possible solely through a lookup in that vault.
Tokenization is central to PCI DSS compliance. When a retailer stores your credit card for future purchases, they typically store a token issued by the payment processor. A breach of the retailer’s database yields only useless tokens.
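The vault behaviour described above, as an added example that is not part of the original glossary entry: a minimal in-memory token vault in which a token is a string of random digits with no relationship to the card number, the same card always maps to the same token so a retailer can recognise a returning customer, and the vault lookup is the only way back. The `TokenVault` class, the `retailer_checkout` and `breach_view` helpers, and the card number used in the demo (a well-known test number) are all constructed for this illustration.

```python
import secrets
from typing import Dict, List

class TokenVault:
    """Hypothetical token vault (constructed example, not a real product).
    It holds the only mapping between tokens and original values."""

    def __init__(self, token_length: int = 16) -> None:
        self._token_length = token_length
        self._by_token: Dict[str, str] = {}   # token -> original value
        self._by_value: Dict[str, str] = {}   # original value -> token

    def tokenize(self, value: str) -> str:
        # Return the existing token so the same card yields the same token;
        # the retailer can match repeat purchases without seeing the PAN.
        if value in self._by_value:
            return self._by_value[value]
        while True:
            # Random digits from a CSPRNG: no key and no function of the
            # input, so the token cannot be reversed outside the vault.
            token = "".join(
                secrets.choice("0123456789") for _ in range(self._token_length)
            )
            # Reject the (astronomically unlikely) collision with an existing
            # token or with the original value itself.
            if token not in self._by_token and token != value:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        # The vault lookup is the only path back; unknown tokens raise KeyError.
        return self._by_token[token]

def retailer_checkout(vault: TokenVault, customer_id: str, pan: str) -> dict:
    """Simulates a retailer storing a card for future purchases: only the
    token issued by the vault (the 'payment processor') is kept."""
    return {"customer": customer_id, "card_token": vault.tokenize(pan)}

def breach_view(retailer_db: List[dict]) -> List[str]:
    """What a breach of the retailer's database exposes: tokens only."""
    return [row["card_token"] for row in retailer_db]

if __name__ == "__main__":
    vault = TokenVault()
    test_pan = "4111111111111111"  # constructed test card number
    db = [retailer_checkout(vault, "c-1001", test_pan)]
    print("stored token:", db[0]["card_token"])
    print("breach yields:", breach_view(db))
    print("vault lookup:", vault.detokenize(db[0]["card_token"]))
```

Running the script shows a random 16-digit token in the retailer's record and the original number recovered only through `detokenize`, which is why the vault itself is the high-value asset in this design.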
CISSP Relevance
Tokenization appears in Domain 2 (Asset Security) and Domain 3 (Security Architecture and Engineering). CISSP candidates must understand how tokenization differs from encryption and when each approach is appropriate: encryption transforms data with a key and can be reversed by anyone who holds that key, whereas a token carries no information about the original value and can be reversed only by a lookup in the token vault.
External reference: PCI Security Standards Council Tokenization Guidelines
Related terms: Encryption, Data Classification