CISSP DOMAIN 1 Flashcards
git r done
Security and Risk Management
Security terminology and Principles, Protection Control Types, Frameworks, Models, Standards, and best practices, Laws and Crimes, Intellectual Property, Data Breaches, Risk Management, Threat Modeling, Business Continuity, Disaster Recovery, Personnel Security, Security Governance
Two Key Concepts
Security and Risk
AIC Triad
Availability
Integrity
Confidentiality
Security Objectives
Availability
Confidentiality
Integrity
Protect Integrity
Access Controls
Intrusion Detection
Hashing
Availability
Reliability and timely access
Integrity
Assurance of the accuracy and reliability of information systems
Confidentiality
Necessary level of secrecy
Threats to Confidentiality
Network monitoring
Shoulder surfing
Stealing password files
Breaking encryption schemes
Social engineering
How to maintain Confidentiality
Encryption
Strict access control
Data classification
Training personnel
Availability Controls
RAID, Clustering, Load Balancing, Redundant power and data lines, Colocation and offsite rollback, Failover
Integrity Controls
Hashing
Configuration Management
Change Control, Access Control
Software Digital Signing
Transmission cyclic redundancy check (CRC)
Confidentiality Controls
Encryption for data at rest
Whole Disk Encryption
Encryption for data in transit (IPSEC, TLS, PPTP, SSH)
Access Control
Encryption for data in transit
IPSEC
TLS
SSH
Types of Access Control
Physical and Technical
Transmission CRC
Cyclic Redundancy Check
Vulnerability
Weakness in a system that allows a threat to compromise security
Threat
Potential Danger that can exploit a vulnerability
Threat agent
Person, process, or employee
Risk definition
Likelihood of a threat source exploiting a vulnerability
Risk function
Ties vulnerability, threat, and likelihood of exploitation
Exposure
Instance of being exposed to losses
Control or Countermeasure
Mitigates potential risk
Control functions
Reduce risk an organization faces