CISSP
Domain 01: Security and Risk Management
Risk Management
Countermeasure
Exposure
Risk
Threat agent
Vulnerability
Threat
Four primary types
Technical
Natural
Man made
Supply System
Internal
External
Loss
Security Concepts
CIA triad
Confidentiality
Define
Secrecy - The unauthorized are unaware of the communication or info asset
Keep the secrets secret
Privacy - Confidentiality of personally identifiable information (PII)
Implemented
Access control and crypto
The attacker cannot get to the information to read it
The attacker cannot understand the information (even if he can get to it)
Integrity
Define
The accuracy, authenticity, completeness and consistency of info
Integrity verification - verify the accuracy of the data at time of use
Integrity protection - Keep the bad guys away from the data
Implemented
Integrity protection: Access control and crypto
Integrity verification: Hashing and message digests
Availability
Define
Having the information accessible when it is needed
Implemented
Redundancy
Co-location
Fault tolerance
Valuable information assets
Customer list
R&D program, status, direction
Intellectual property
Tangible asset
Intangible asset
Financial information
Raw material sources, vendors
Personally identifiable information (PII)
Passport number
Driver's license number
Financial account number
Social security number
Employee number
Security Governance
Policies
Compliance
Legal and Regulatory issues
Professional Ethics
Risk Management
Personnel Security
Security Training and Awareness
Domain 08: Software Development Security
Domain 07: Security Operations
Domain 06: Security Assessment and Testing
Domain 05: Identity and Access Management (IAM)
Domain 03: Security Architecture and Engineering
Domain 02: Asset Security
Domain 04: Communication and Network Security