Summary - CISSP All-in-One Exam Guide, Eighth Edition
1 Domain 1: Security and Risk Management
Domain 1: This domain covers many of the foundational concepts of information systems security. Some of the topics covered include:
1. The principles of confidentiality, integrity, and availability
3. Legal and
4. Professional ethics
5. Personnel security policies
6. Risk management
7. Threat modeling
8. Business continuity and disaster recovery
9. Protection control types
10. Security frameworks, models, standards, and best practices
11. Intellectual property
12. Data breaches
Which security laws, regulations or standards can you name?
1. SOX (Sarbanes-Oxley)
2. GLBA (Gramm-Leach-Bliley Act)
3. PCI DSS (Payment Card Industry Data Security Standard)
4. HIPAA (Health Insurance Portability and Accountability Act)
5. FISMA (Federal Information Security Management Act)
For what reasons are computers or networks breached?
1. Business customer data is stolen for identity theft or bank fraud
2. Company secrets are being stolen for economic espionage purposes
3. Systems being hijacked and used within botnets to attack other organizations or spread spam
4. Company funds are secretly siphoned off by organized criminals through complex and hard-to-identify digital methods
5. Organizations are attacked to bring down their systems and websites
What facets does an enterprise-wide security program consist of?
1. Technologies
Why is it important to be a well-rounded security professional?
Because most security programs excel within the disciplines the team is most familiar with, while the other disciplines are found lacking. It is your responsibility to identify these shortcomings (deficiencies).
What does CISSP stand for?
Certified Information Systems Security Professional
Which 2 key terms are the essence of the work of security professionals?
1. Security
1.1 Fundamental Principles of Security
What are the core goals of security?
The AIC triad or CIA triad: protection for critical assets
What are the goals of availability protection?
Availability ensures reliable and timely access to data and resources for authorized individuals. Network devices, computers and applications should provide adequate functionality to perform in a predictable manner with acceptable performance.
What network pieces need to be protected to stay up and running?
1. Routers
3. DNS servers
4. DHCP servers
What software pieces need to be protected to stay up and running?
1. Operating systems
3. Antimalware software
What environmental aspects can harm assets?
1. Fire
3. HVAC issues
When is integrity maintained?
When the accuracy and reliability of information and systems is assured and any unauthorized modification is prevented.
How can an attacker compromise the integrity of systems or data?
By inserting:
2. Logic Bomb
into a system
In what ways can the integrity of a system or data be compromised by different attacks?
1. By way of corruption
2. Malicious modification
3. Replacement of data with incorrect data
What instruments can you use to combat threats like corruption, malicious modification or the replacement of data with incorrect data?
1. Strict access controls
2. Intrusion detection
How do most users usually affect a system's data integrity?
By mistake, although internal users may also commit malicious deeds.
Name examples of users compromising integrity by accident.
1. A user deletes configuration files because of a lack of disk space
2. A user inserts incorrect values into a data-processing application, and a customer is charged 3000 euro instead of 30 euro
3. Incorrectly modifying data
How can security prevent the compromise of integrity?
1. Give users only certain choices to make, to minimize the errors that can occur.
2. System critical files should be restricted from viewing and access by
3. Applications should check for reasonable input values.
4. Databases should only authorize certain individuals to modify data.
5. Data in transit should be
Latest added flashcards
In which year was the COSO IC framework released and last updated?
Released in 1992 and last updated in 2013
What does COSO stand for?
Committee Of Sponsoring Organizations
What was COBIT derived from?
From the COSO Internal Control - Integrated Framework.
Which control categories are used by the government, as described in NIST SP 800-53?
Management, Technical, Operational
What do government auditors use as a checklist, and for what reason?
They use NIST SP 800-53 as a checklist for evaluating whether an organization is compliant with regulations.
Who uses the NIST SP 800-53 and why?
Government agencies use this document to be compliant with the Federal Information Security Management Act of 2002 (FISMA)
What is the NIST SP 800-53 about?
It is NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations"
What does NIST stand for?
National Institute of Standards and Technology
Who uses COBIT?
The private sector
Is COBIT purely security focused?
No, it deals with all aspects of information technology. Security is only one aspect.