Summary CISSP All-in-One Exam Guide, Eighth Edition

ISBN-10 1260142655 ISBN-13 9781260142655

This is the summary of the book "CISSP All-in-One Exam Guide, Eighth Edition". The authors of the book are Fernando Maymi and Shon Harris. The ISBN of the book is 9781260142655 or 1260142655. This summary is written by students who study efficiently with the Study Tool of Study Smart With Chris.

Summary - CISSP All-in-One Exam Guide, Eighth Edition

  • 1 Domain 1: Security and Risk Management

  • Domain 1: This domain covers many of the foundational concepts of information systems security. Some of the topics covered include:
    1. The principles of confidentiality, integrity, and availability
    2. Security governance and compliance
    3. Legal and regulatory issues
    4. Professional ethics
    5. Personnel security policies
    6. Risk management
    7. Threat modeling
    8. Business continuity and disaster recovery
    9. Protection control types
    10. Security frameworks, models, standards, and best practices
    11. Intellectual property
    12. Data breaches
  • Which security laws, regulations, or standards can you name?
    1. SOX (Sarbanes-Oxley)
    2. GLBA (Gramm-Leach-Bliley Act)
    3. PCI DSS (Payment Card Industry Data Security Standard)
    4. HIPAA (Health Insurance Portability and Accountability Act)
    5. FISMA (Federal Information Security Management Act)
  • For what reasons are computers or networks breached?
    1. Business customer data is stolen for identity theft or bank fraud
    2. Company secrets are stolen for economic espionage purposes
    3. Systems are hijacked and used within botnets to attack other organizations or spread spam
    4. Company funds are secretly siphoned off by organized criminals through complex and hard-to-identify digital methods
    5. Organizations are attacked to bring down their systems and websites
  • What facets does an enterprise-wide security program consist of?
    1. Technologies
    2. Procedures
    3. Processes
  • Why is it important to be a well-rounded security professional?
    Because most security programs excel within the disciplines the team is most familiar with, while the other disciplines are found lacking. It's your responsibility to identify these shortcomings (deficiencies).
  • What does CISSP stand for?
    Certified Information Systems Security Professional
  • Which two key terms are the essence of a security professional's work?
    1. Security
    2. Risk
  • 1.1 Fundamental Principles of Security

  • What are the core goals of security?
    The AIC triad (also called the CIA triad), which protects critical assets through:
    1. Availability
    2. Integrity
    3. Confidentiality
  • 1.1.1 Availability

  • What are the goals of availability protection?
    Availability ensures reliable and timely access to data and resources for authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with acceptable performance.
  • What network pieces need to be protected to stay up and running?
    1. Routers
    2. Switches
    3. DNS servers
    4. DHCP servers
    5. Proxies
    6. Firewalls
    7. Etc.
  • What software pieces need to be protected to stay up and running?
    1. Operating systems
    2. Applications
    3. Antimalware software
    4. Etc.
  • What environmental aspects can harm assets?
    1. Fire
    2. Flood
    3. HVAC issues
    4. Theft
    5. Attacks
  • 1.1.2 Integrity

  • When is integrity maintained?
    When the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented.
  • How can an attacker compromise the integrity of systems or data?
    By inserting one of the following into a system:
    1. Virus
    2. Logic bomb
    3. Backdoor
  • In what ways can the integrity of a system or data be compromised by different attacks?
    1. Corruption
    2. Malicious modification
    3. Replacement of data with incorrect data
  • What instruments can you use to combat threats like corruption, malicious modification, or the replacement of data with incorrect data?
    1. Strict access controls
    2. Intrusion detection
    3. Hashing
  • How do most users usually affect a system's data integrity?
    By mistake, although internal users may also commit malicious deeds.
  • Name examples of users compromising integrity by accident.
    1. User deletes configuration files because of lack of disk space
    2. A user inserts incorrect values into a data-processing application, so a customer is charged 3000 euro instead of 30 euro.
    3. Incorrectly modifying data
  • How can security prevent the compromise of integrity?
    1. Give users only certain choices to minimize the errors that can occur.
    2. System-critical files should be restricted from viewing and access by users
    3. Applications should check for reasonable input values.
    4. Databases should only authorize certain individuals to modify data
    5. Data in transit should be encrypted

Latest added flashcards

In which year was the COSO IC framework released and last updated?
released in 1992 and last updated in 2013
What does COSO stand for?
Committee Of Sponsoring Organizations
From what was COBIT derived?
From the COSO Internal Control - Integrated Framework.
Which control categories, described in NIST SP 800-53, does the government use?
Management, Technical, Operational
What do government auditors use as a checklist, and for what reason?
They use NIST SP 800-53 as a checklist approach to evaluate whether an organization is compliant with regulations.
Who uses NIST SP 800-53, and why?
Government agencies use this document to be compliant with the Federal Information Security Management Act of 2002 (FISMA).
What is NIST SP 800-53 about?
It is NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations".
What does NIST stand for?
National Institute of Standards and Technology
Who uses COBIT?
The private sector
Is COBIT purely security focused?
No, it deals with all aspects of information technology. Security is only one aspect.