CISSP Domain 1 (Security and Risk Management) cheat sheet. This provides information on Domain 1.
Typology: Cheat Sheet
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Note: encryption (in transit: TLS; at rest: AES-256).
Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.
Availability: Ensuring timely and reliable access to and use of information by authorized users.
*Citation: https://www.isc2.org/Certifications/CISSP/CISSP-Student-Glossary
Separation of Duties
Mandatory Vacations
Job Rotation
Least Privilege
Need to Know
Dual Control
Opposite of Confidentiality / Opposite of Integrity / Opposite of Availability
Verification of privileges and permissions for an authenticated user
Ensuring that only authorized users access and use the system appropriately
Tools, processes, and activities used to achieve and maintain compliance
Strategic Plan: up to 5 years (e.g., risk assessment)
Tactical Plan: maximum of 1 year (e.g., project budget, staffing)
Operational Plan: a few months (e.g., patching computers, updating AV signatures, daily network administration)
*Citation: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-and-risk-management/
Risk management solution: keep risks at a tolerable and acceptable level. Risk management constraints: time, budget.
*Citation: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-and-risk-management/
Examples of security controls:
Security Policies
Security Personnel
Logs
Alarms
Backups
Security Cameras
Guards
Antivirus Solutions
Server Clustering
Callback
Intrusion Detection Systems
Fault Tolerant Drive Systems
Security Awareness Training
Separation of Duties
Honey Pots
Business Continuity Plans
Database Shadowing
Job Rotation
Intrusion Alarms
Audit Trails
Encryption
Mandatory Vacations
Data Classification
Firewalls
Smart Cards
Security and Risk Management
Asset Security
Security Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
Categorize, Classify & Evaluate Assets
Qualitative vs Quantitative risk analysis
Risk responses: Reduce, Transfer, Accept
Annual Loss Expectancy (ALE) = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)
ISO 17799 & 27000 Series
COBIT & COSO
OCTAVE
ITIL