Security Architecture & Engineering Domain This domain cover the concepts, fundamental principles, basic architectures, and standards required to design a secure architecture. This domain represents 13 percent of the CISSP certification exam. The main topics in this domain are: Security models and concepts Information systems security models Security capabilities of information systems Vulnerabilities in [...]
Establish Handling Requirements Handling, sharing, and allowing access to an asset or a set of assets need to be ensured by the confidentiality, integrity, and availability requirements. In this part of this tutorial, we'll take a look at establishing handling requirements to help you understand the aspects of establishing handling. Appropriate policies and procedures [...]
Determine Data Security Controls Data security controls employed by the states of data, standards, scoping, tailoring, and data protection methods. Data exists in one of three states: Data at rest: Data that lives in external or auxiliary storage devices, such as hard disk drives (HDDs), solid-state drives (SSDs), optical discs (CD/DVD), or even on [...]
Ensuring Appropriate Retention One of the important aspects of cyber security is Ensure Appropriate Retention. In this part of this tutorial, we'll take a look at ensuring appropriate retention to help you understand the different aspects of appropriate retention. An asset in the form of data may store in digital media and hard. Data [...]
Protect Privacy In this part of this tutorial, we'll take a look at protecting privacy to help you understand the different aspects of protecting privacy. One of the important aspects of cyber security is protecting privacy. The requirement for data privacy, is to share personal data securely to authorized parties depending upon the requirement. [...]
Determine and Maintain Ownership In this part of this tutorial, we'll take a look at maintaining ownership to help you understand the different aspects of determine and maintain ownership. Each individual performs various roles in securing an organization’s assets. One of the important aspects of cyber security is maintaining ownership. Organizations should explicitly define [...]
Asset Security Domain Review This domain focuses on protecting information assets. Information is the worthiest asset to an organization. The information’s value, determines the level of protection required by the organization. Asset security is one of most important the aspects of CISSP training course. A data classification scheme helps an organization assign a value [...]
Threat Modeling A categorization model, which describes the threats to an organization, and why and how these threats become vulnerable. Threat modeling, is attack-centric. Threat modeling is usually applied to software applications, but it can be used for operating systems, and devices. Threat modeling also helps design architects to identify the threats, potential security [...]
Security Control Assessment Security Control Assessment that ensures that the security policies enforced in an organization are meeting their goals and objectives. CSA also reports about the quality of risk management processes including incident response action plans. A well-executed assessment process of security control provides inputs to enhance the running security control, [...]