Summary: CISSP All-in-One Exam Guide, Eighth Edition | 9781260142655 | Fernando Maymi; Shon Harris
-
1 Domain 1: Security and Risk Management
Domain 1: This domain covers many of the foundational concepts of information systems security. Some of the topics covered include:
1. The principles of confidentiality, integrity, and availability
2. Security governance and compliance
3. Legal and regulatory issues
4. Professional ethics
5. Personnel security policies
6. Risk management
7. Threat modeling
8. Business continuity and disaster recovery
9. Protection control types
10. Security frameworks, models, standards, and best practices
11. Intellectual property
12. Data breaches -
Which security laws, regulations, or standards can you name?
1. SOX (Sarbanes-Oxley)
2. GLBA (Gramm-Leach-Bliley Act)
3. PCI DSS (Payment Card Industry Data Security Standard)
4. HIPAA (Health Insurance Portability and Accountability Act)
5. FISMA (Federal Information Security Management Act) -
For what reasons are computers or networks breached?
1. To steal customer data from a business for identity theft or bank fraud
2. To steal company secrets for economic espionage
3. To hijack systems for use in botnets that attack other organizations or spread spam
4. To secretly siphon off company funds through complex, hard-to-identify digital methods (organized crime)
5. To attack organizations in order to bring down their systems and websites -
What facets does an enterprise-wide security program consist of?
1. Technologies
2. Procedures
3. Processes -
Why is it important to be a well-rounded security professional?
Because most security programs excel in the disciplines the team is most familiar with, while the other disciplines are found lacking. It is your responsibility to identify these shortcomings (deficiencies). -
Which two key terms are the essence of a security professional's work?
1. Security
2. Risk -
1.1 Fundamental Principles of Security
-
What are the core goals of security?
The AIC triad (also called the CIA triad): protection of critical assets through
1. Availability
2. Integrity
3. Confidentiality -
1.1.1 Availability
What are the goals of availability protection?
Availability ensures reliable and timely access to data and resources for authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with acceptable performance. A system that is reachable but too slow or unreliable to use does not meet the availability goal. -
What network pieces need to be protected to stay up and running?
1. Routers
2. Switches
3. DNS servers
4. DHCP servers
5. Proxies
6. Firewalls
7. Etc. -
What software pieces need to be protected to stay up and running?
1. Operating systems
2. Applications
3. Antimalware software
4. Etc.