CISSP 8 Domains Flashcards

Certified Information Systems Security Professional

1
Q

security and risk management

A

Security and risk management focuses on defining security goals and objectives, risk mitigation, compliance, business continuity, and the law.

EX: update company policies related to private health information if a change is made to a federal compliance regulation, such as HIPAA

2
Q

asset security

A

securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.

EX: making sure that old equipment is properly disposed of and destroyed, including any type of confidential information.

3
Q

security architecture and engineering

A

optimizing data security by ensuring effective tools, systems, and processes are in place.

EX: may be tasked with configuring a firewall

4
Q

communication and network security

A

managing and securing physical networks and wireless communications.

EX: analyze user behavior within your organization. Imagine discovering that users are connecting to unsecured wireless hotspots.

5
Q

identity and access management

A

keeping data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications.

EX: Validating the identities of employees and documenting access roles are essential to maintaining the organization’s physical and digital security.

6
Q

security assessment and testing

A

conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

EX: conduct regular audits of user permissions to make sure that users have the correct level of access.

7
Q

security operations

A

conducting investigations and implementing preventative measures.

EX: receive an alert that an unknown device has been connected to your internal network. You would need to follow the organization’s policies and procedures to quickly stop the potential threat.

8
Q

software development security

A

secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.

EX: may work with software development teams to ensure security practices are incorporated into the software development life cycle.
