Cyber Attacks

Threat Modeling

2020-07-16T06:02:07+00:00

Threat modeling is a categorization model that describes the threats to an organization, and why and how these threats become vulnerable. Threat modeling is attack-centric. It is usually applied to software applications, but it can also be used for operating systems and devices. Threat modeling also helps design architects to identify the threats, potential security [...]

Security Control Assessment

2020-07-16T07:24:28+00:00

Security Control Assessment ensures that the security policies enforced in an organization are meeting their goals and objectives. CSA also reports on the quality of risk management processes, including incident response action plans. A well-executed security control assessment process provides inputs to enhance the running security control, [...]

Identification of Vulnerability & Threats

2020-07-16T05:39:14+00:00

Identification of vulnerability & threats is one of the most important aspects of the CISSP training course. Vulnerability: A vulnerability is a weakness in a system or its design. Classifying vulnerabilities helps in identifying their impact on the system. Vulnerability greatly increases the risk to the organization's assets. Policy [...]

Personal Security

2020-07-16T05:45:39+00:00

Personal security policies concern people associated with the organization, such as employees, contractors, consultants, and users. Personal security is one of the aspects of the CISSP training course. Personnel security plays a vital role in protecting an organization's valuable assets. Therefore, the organization must have policies regarding the security of its personnel. These [...]

Business Continuity Requirements

2020-07-16T05:34:41+00:00

Business continuity requirements ensure the continuity of IT operations, maintained from the primary or alternate locations during an incident or disastrous event. Business continuity requirements are based on business continuity planning (BCP). Develop and Document Scope and Plan. Business Continuity Planning (BCP): BCP aims to prevent interruptions to operations [...]

Security Policies & Standards

2020-07-16T05:53:43+00:00

A person who intends to obtain the CISSP certificate must be well aware of the differences and relationships between the following: policies, standards, guidelines, and procedures. 1- Policy: A security policy is a written document in an organization outlining how to protect the organization from threats and how to handle situations when [...]

Security Concepts

2020-07-16T05:50:40+00:00

Asset: An asset is anything valuable to an organization. It may vary from tangible items (people, computers) to intangible items (for example, bank accounts, database information). Valuable Information Assets: Security of these assets is an important aspect of the information security environment. Greater value assets [...]

Professional Ethics

2020-07-16T05:47:44+00:00

Ethical and professional behavior is a requirement for maintaining your CISSP certification because the profession of information security is based on trust. Professionals may be handling sensitive or confidential information. Ethically sound and professional ethics need to be adhered to by the professionals. Two important points to keep in mind: Unethical activity doesn’t [...]

Legal & Regulatory Issues

2020-07-16T05:43:32+00:00

Today, one of the important aspects of cyber security is legal & regulatory issues. The following list of issues may have legal or regulatory implications and lead to civil or criminal liability on the part of an organization. Cyber Crime: Criminal activities committed over communication networks, such as the Internet, Telephone, [...]
