Summary: CISSP All-in-One Exam Guide, Eighth Edition

- Fernando Maymi, et al.
ISBN-10: 1260142655; ISBN-13: 9781260142655
221 Flashcards & Notes

A snapshot of the summary: CISSP All-in-One Exam Guide, Eighth Edition. Authors: Fernando Maymi, Shon Harris. ISBN: 9781260142655

  • 1 Domain 1: Security and Risk Management

  • Domain 1: This domain covers many of the foundational concepts of information systems security. Some of the topics covered include:
    1. The principles of confidentiality, integrity, and availability
    2. Security governance and compliance
    3. Legal and regulatory issues
    4. Professional ethics
    5. Personnel security policies
    6. Risk management
    7. Threat modeling
    8. Business continuity and disaster recovery
    9. Protection control types
    10. Security frameworks, models, standards, and best practices
    11. Intellectual property
    12. Data breaches
  • Which security laws, regulations, or standards can you name?
    1. SOX (Sarbanes-Oxley)
    2. GLBA (Gramm-Leach-Bliley Act)
    3. PCI DSS (Payment Card Industry Data Security Standard)
    4. HIPAA (Health Insurance Portability and Accountability Act)
    5. FISMA (Federal Information Security Management Act)
  • For what reasons are computers or networks breached?
    1. To steal business customer data for identity theft or bank fraud
    2. To steal company secrets for economic espionage purposes
    3. To hijack systems and use them within botnets to attack other organizations or spread spam
    4. To secretly siphon off company funds through complex and hard-to-identify digital methods (organized crime)
    5. To attack organizations in order to bring down their systems and websites
  • What facets does an enterprise-wide security program consist of?
    1. Technologies
    2. Procedures
    3. Processes
  • Why is it important to be a well-rounded security professional?
    Because most security programs excel in the disciplines the team is most familiar with, while the other disciplines are found lacking. It's your responsibility to identify these shortcomings (deficiencies).
  • Which 2 key terms are the essence of a security professional's work?
    1. Security
    2. Risk
  • 1.1 Fundamental Principles of Security

  • What are the core goals of security?
    The AIC triad (also called the CIA triad): protection for critical assets
    1. Availability
    2. Integrity
    3. Confidentiality
  • 1.1.1 Availability

  • What are the goals of Availability protection?
    Availability ensures reliable and timely access to data and resources for authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with acceptable performance.
  • What network pieces need to be protected to stay up and running?
    1. Routers
    2. Switches
    3. DNS servers
    4. DHCP servers
    5. Proxies
    6. Firewalls
    7. Etc.
  • What software pieces need to be protected to stay up and running?
    1. Operating systems
    2. Applications
    3. Antimalware software
    4. Etc.