ITperfection

Security Policies & Standards

2020-07-16T05:53:43+00:00

Anyone who intends to obtain the CISSP certificate must be well aware of the differences and relationships between the following: Policies, Standards, Guidelines, Procedures. 1- Policy: A security policy is a written document in an organization outlining how to protect the organization from threats and how to handle situations when [...]

Security Concepts

2020-07-16T05:50:40+00:00

Asset: An asset is anything valuable to an organization. Assets range from tangible items (people, computers) to intangible items (for example, bank accounts, database information). Valuable Information Assets: Security of these assets is an important aspect of the information security environment. Greater value assets [...]

Professional Ethics

2020-07-16T05:47:44+00:00

Ethical and professional behavior is a requirement for maintaining your CISSP certification because the profession of information security is based on trust. Professionals may be handling sensitive or confidential information, so they need to adhere to sound professional ethics. Two important points to keep in mind: Unethical activity doesn’t [...]

Legal & Regulatory Issues

2020-07-16T05:43:32+00:00

Today, legal and regulatory issues are one of the important aspects of cyber security. The following issues may have legal or regulatory implications and lead to civil or criminal liability on the part of an organization. Cyber Crime: Criminal activities committed over communication networks, such as the Internet, Telephone, [...]

Compliance Requirements

2020-07-16T05:37:07+00:00

Compliance requirements are one of the aspects of the CISSP training course. Following are some legal and legislative terms that are significant to the Information Security domain. 1- SPI: Sensitive Personal Information. 2- PII: Personally Identifiable Information. According to NIST Special Publication 800-122, Personally Identifiable Information (PII) is defined as: Any [...]

Organizational Roles & Responsibilities

2020-07-16T07:22:19+00:00

In an organization, the most important area for management is the division of roles and responsibilities. The organization's structure, in turn, is the base for developing any organization. The structure of an organization is a chain of hierarchy, which divides the different roles and responsibilities among individuals associated with [...]

Security Principles of Governance

2020-07-16T05:58:13+00:00

Security principles of governance are one of the most important aspects of the CISSP training course. 1- Alignment of Security Function to Business Mission: The mission statement should be easy to understand and should explain: What is the organization? What does it do? Why does it exist? What methods does use [...]

Security & Risk Management Domain

2020-06-21T23:18:15+00:00

This domain represents 15 percent of the CISSP certification exam. This section covers the following: Ownership, Security Policies and Procedures, Business Continuity Planning, Risk Management, Security Education Training Awareness. Information or data is an important asset of an organization. This page and the next pages cover the [...]

Information Security Triad

2020-07-16T05:29:42+00:00

Information security is based on three main factors, also called the Information Security Triad: Confidentiality, Integrity and Availability, abbreviated as CIA. In this section of the tutorial, we'll take a look at the information security triad to help you understand its aspects. Confidentiality: Assures that data is secured [...]
