Identification of Vulnerability & Threats Identification of vulnerability & threats is one of most important the aspects of CISSP training course. Vulnerability A vulnerability is a weakness in a system or its design. Classifying vulnerabilities helps in identifying its impact on the system. Vulnerability greatly increases the risk of the organization's assets. Policy [...]
Personal Security Personal security policies concern people associated with the organization, such as employees, contractors, consultants, and users. Personal security is one of the aspects of CISSP training course. Personnel security plays a vital role in protecting an organization's valuable assets. Therefore, the organization must have policies regarding the security of its personnel. These [...]
Business Continuity Requirements Business continuity requirements, ensures the continuity of IT operations that is maintained from the primary or alternate locations during an incident or disastrous events.Business continuity requirements are based on the business continuity planning (BCP). Develop and Document Scope and Plan Business Continuity Planning (BCP) BCP aims to prevent interruptions to operations [...]
Security Policies & Standards A person who intends to obtain CISSP certificate must be well aware of the differences and relationships between the following: Policies Standards Guidelines Procedures 1- Policy: A security policy is a written document in an organization outlining how to protect the organization from threats and how to handle situations when [...]
Security Concepts Asset: An asset is anything valuable to an organization. It may vary from tangible items (people, computers) to intangible items (as example Bank accounts, database information). Read more about tangible Items and intangible items Valuable Information Assets: Security of these assets is an important aspect of information security environment. Greater value assets [...]
Professional Ethics Ethical behavior and professional is a requirement for maintaining your CISSP certification because the profession of information security is based on trust. Professionals may be handling sensitive or confidential information. Ethically sound and professional ethics need to be adhered by the professionals. Two important points to keep in mind: Unethical activity doesn’t [...]
Legal & Regulatory Issues Today, one of the important aspects of cyber security is legal & regulatory issues. The following list of issues, may have legal or regulatory implications and lead to civil or criminal liability on the part of an organization. Cyber Crime Criminal activities committed over communication networks, such as the Internet, Telephone, [...]
Compliance Requirements Compliance Requirements is one of the aspects of CISSP training course. Following are some legal and legislative terms that are significant to the Information Security domain. 1- SPI: Sensitive Personal Information 2- PII: Personally Identifiable Information. According to NIST special publication 800-122, the Personally Identifiable Information (PII) is defined as: Any [...]
Organizational Roles & Responsibilities In an organization, the most important area for the management is the division of roles and responsibilities. On the other hand organization's structure, is the base for developing any organization. Structure of an organization is a chain of hierarchy, which divides the different roles and responsibilities among individuals associated with [...]