Posts

CISSP TERMS AND DEFINITIONS

Domain 1: Security & Risk Management

CIA Triad

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Note: Encryption (in transit: TLS; at rest: AES-256).

Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.

Availability: Ensuring timely and reliable access to and use of information by authorized users.

D.A.D: Disclosure, Alteration and Destruction

Disclosure: Opposite of Confidentiality
Alteration: Opposite of Integrity
Destruction: Opposite of Availability

Achieving CIA Best Practices

Separation of Duties
Mandatory Vacations
Job Rotation
Least Privileges
Need to know
Dual Control

What is IAAAA?

Identification: Unique user identification
Authentication: Validati

CYBER BODY OF KNOWLEDGE

1 Human, Organizational & Regulatory Aspects

Risk Management and Governance

1.1 INTRODUCTION

This Knowledge Area will explain the fundamental principles of cyber risk assessment and management and their role in risk governance, expanding on these to cover the knowledge required to gain a working understanding of the topic and its sub-area. We begin by discussing the relationship between everyday risk and why this is important in today's interconnected digital world. We explain why, as humans, we need effective risk assessment and management principles to support the capture and communication of factors that may impact our values. We then move on to describe different perspectives on cyber risk assessment, from individual assets to whole-system goals and objectives. We unpick some of the major risk assessment methods and highlight their main uses and limitations, as well as providing pointers to more detailed information. Security metrics are an ongoing topic of debate in the