Asset Types Asset Classification Asset Storage Apply appropriate controls based on classification Data is more valuable than the media Asset Security Data Classification Type of Data Data Stakeholders Data Remanence Data left over after a removal and deletion process Data Destruction Scoping Portion of standards that will be applicable for organization Tailoring Customizing standards asContinue reading “Domain 2: Asset Security”
Tag Archives: CISSP
Domain 1: Security and Risk Management
CIA Triad: IAAA: Accounting: The action owner logs are reviewed for violations Non-repudiation: The action owner cannot deny his/her actions Governance(Not us): Management(Us): Principle: There are 2 types of principles: Standards and Frameworks There are many security frameworks and standards available for security implementation and guidance for any organization. A few examples are Protection MethodsContinue reading “Domain 1: Security and Risk Management”
Computer Crimes
Definition Cybercrimes are defined as “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using moderntelecommunication networks such as the Internet through chat rooms, emails, notice boards, groups, and mobileContinue reading “Computer Crimes”
Compliance
Compliance means conforming to a rule, such as a specification, policy, standard, or law. For example: ISO 27001, PCI DSS, GDPR, HIPAA, etc. Need For Compliance: Protect the critical information Enforce control through written policy Understand the requirements for protecting organizational information Identify requirements for protecting organizational information Avoid inadequate implementation and enforcement; this canContinue reading “Compliance”
Security Controls
Security controls are the measures taken to safeguard an information system from attacks against the CIA of the information system. Security controls are selected and applied based on a risk assessment of the information system. The risk assessment process identifies systems threats and vulnerabilities, and then security controls are selected to reduce or mitigate risk.Continue reading “Security Controls”
CISSP
Certified Information Systems Security Professional The following certification is structured in 8 different domains: Security and Risk Management Asset Security Security Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security Certification Path Minimum of 5 years of work experience in any 2 domain mentioned above. IfContinue reading “CISSP”
Security and Risk Management
Information Security Management Information security is the process of protecting information and information systems from the following: Unauthorized disclosure, access and use Destruction Deletion Modification Disruption Factors that impact information security Technology Platforms and tool used Network Connectivity Level of IT complexity New or emerging security tools Operational support for security Business Plan and EnvironmentContinue reading “Security and Risk Management”
