Week 1 Flashcards
jpresuello
What year was the first edition of the CBK created?
1992
When was CISSP certification created?
1994
When was ISC2 established?
1989
What is the meaning of CISSP?
Certified Information Systems Security Professional
What does ISC2 mean?
International Information Systems Security Certification Consortium
Is CISSP a vendor-neutral certification?
Yes
How many domains are covered in CISSP?
8 domains
What are the 3 specific functional areas of CISSP?
Architecture, Engineering, Management
What are the 8 knowledge domains of CISSP?
Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security
A documented set of your organization’s information security policies, procedures, tools, controls, guidelines, and standards.
Security Program
What are the 4 lifecycle phases of a Security Program?
- Plan & organize
- Implement
- Operate & Maintain
- Monitor & Evaluate
Used to determine whether security is cost-effective, relevant, timely and responsive to threats
Risk Analysis
Assigns real and meaningful numbers (dollars) to all elements of the risk analysis process
Quantitative Risk Analysis
Ranks the seriousness of threats and the validity of the different possible countermeasures based on opinions
Qualitative Risk Analysis
An overall general statement produced by senior management that dictates what role security plays within the organization
Security Policy
Mandatory activities, actions or rules
Standards
Minimum level of protection required
Baseline
General guide and recommended actions when a specific Standard does not apply
Guidelines
Step-by-step detailed instructions for specific tasks
Procedure
Determining vulnerabilities and risks.
Due Diligence
Implementing countermeasures against risks and threats
Due Care
Responsible for specific data subset
Data Owner
Responsible for maintaining and protecting data/information
Data Custodian
Responsible for one or more systems
System owner
Responsible for properly defining business processes
Process owner
Decides who can and cannot access their applications
Application Owner
Anyone with a root or administrative account to a system
Security Administrator
Works at the design level rather than the implementation level
Security Analyst
Evaluates security controls within the company
Auditor
Responsible for approving and rejecting change control requests
Change Control Analyst
Ensures data is stored in a fashion that makes sense for the company
Data Analyst
Responsible for explaining business requirements to vendors
Product Line Manager
Responsible for all user activity and assets created and owned by these users
Supervisor
Uses data for work-related tasks
User
Works with business unit managers, data owners and senior managers to develop and deploy a solution
Solution Provider
Elected individuals who oversee the fulfillment of the corporate charter
Board of Directors
Day-to-day management of entire organization
CEO
Day-to-day accounting and financial activities
CFO
Responsible for information technology infrastructure
CIO
Oversees appropriate handling and usage of data
CPO
Responsible for understanding company specific risks and processes used to mitigate these risks
CSO