Identification of Vulnerability & Threats Identification of vulnerability & threats is one of most important the aspects of CISSP training course. Vulnerability A vulnerability is a weakness in a system or its design. Classifying vulnerabilities helps in identifying its impact on the system. Vulnerability greatly increases the risk of the organization's assets. Policy [...]
Personal Security Personal security policies concern people associated with the organization, such as employees, contractors, consultants, and users. Personal security is one of the aspects of CISSP training course. Personnel security plays a vital role in protecting an organization's valuable assets. Therefore, the organization must have policies regarding the security of its personnel. These [...]
Business Continuity Requirements Business continuity requirements, ensures the continuity of IT operations that is maintained from the primary or alternate locations during an incident or disastrous events.Business continuity requirements are based on the business continuity planning (BCP). Develop and Document Scope and Plan Business Continuity Planning (BCP) BCP aims to prevent interruptions to operations [...]
Security Policies & Standards A person who intends to obtain CISSP certificate must be well aware of the differences and relationships between the following: Policies Standards Guidelines Procedures 1- Policy: A security policy is a written document in an organization outlining how to protect the organization from threats and how to handle situations when [...]
Security Concepts Asset: An asset is anything valuable to an organization. It may vary from tangible items (people, computers) to intangible items (as example Bank accounts, database information). Read more about tangible Items and intangible items Valuable Information Assets: Security of these assets is an important aspect of information security environment. Greater value assets [...]
Professional Ethics Ethical behavior and professional is a requirement for maintaining your CISSP certification because the profession of information security is based on trust. Professionals may be handling sensitive or confidential information. Ethically sound and professional ethics need to be adhered by the professionals. Two important points to keep in mind: Unethical activity doesn’t [...]
Security and Risk Management Domain This domain represents 15 percent of the CISSP certification exam. This section has covers about the following: Ownership Security Policies and Procedures Business Continuity Planning Risk Management Security Education Training Awareness Information or data is an important asset of an organization. This page and next pages covers the [...]
Information Security Triad Information Security is based on three main factors (Also Called Information Security Triad). Confidentiality, Integrity and Availability, these are abbreviated as CIA. In this section of this tutorial, we'll take a look at Information security triad to help you understand the aspects of Information security triad. Confidentiality: Assures that data is secured [...]
CISSP (Certified Information Systems Security Professional) is a course and exam offered by ISC2. There are a collection of topics that are called CISSP CBK (Common Body of Knowledge). There are 8 domains in CISSP exam: Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security Identity and Access Management [...]