
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP

Some common and overarching themes within the CISSP CBK, collected here as an additional aid to revision.

[alert style=”red”]In NO way should these notes be used as your sole source of study for the CISSP exam.  These notes lack things completely that could be included on your exam.  I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning.  For further information see my CISSP Study and Exam Tips.[/alert]

ISC(2) CISSP Revision Notes – Study and Exam Tips
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP (You are here)
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance
ISC(2) CISSP Revision Notes – Operations Security
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security


Safety of people is always the paramount concern in information security.

CIA Triad

Core security principles which must be met (at least one of them, usually all)

Security must maintain the CIA of an organisation's assets

  • Confidentiality – Prevent unauthorised disclosure of information
  • Integrity – Prevent unauthorised modification of systems and information (by any actor, including environmental factors)
  • Availability – Prevent disruption of service and/or productivity

Applying these principles provides features and benefits to the organisation

Control

Default Stance & Underlying Philosophy

1)   Allow by Default

  1. E.g. universities
  2. Users can access everything unless there is a specific need to restrict
  3. Few organisations are "pure" Allow by Default throughout, e.g. universities still restrict access to HR systems

2)   Deny by Default

  1. E.g. commercial entities, governments and the military
  2. Any access that isn't specifically permitted is denied

Defence in Depth

  • The practice of applying multiple layers of security protection
  • If one layer should fail then there is still protection from the others
  • Not just IT related, can be used anywhere (e.g. facilities with fences, guards, CCTV, locked offices, etc.)
  • A compromise should require defeating every layer, not just one
  • Limit exposure to possible threats
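To make the two default stances and the layering idea concrete, here is a small policy evaluator added to these notes (it is not part of the original post or any ISC(2) material). The policy names, subjects and resources are made up for illustration. An explicit rule always wins; only when no rule matches does the policy fall back to its default stance, which is the whole difference between the university-style and commercial-style networks above. The defence-in-depth chain then runs a request through several independent policies, and the example shows that a request still gets refused when one layer is taken out of the chain.

```python
"""Added illustration: default stance (allow vs deny) and defence in depth
as a chain of independent policies. Names and rules are constructed examples."""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass(frozen=True)
class Request:
    subject: str    # who is asking, e.g. "alice"
    resource: str   # what they want, e.g. "hr/payroll"
    action: str     # e.g. "read" or "write"


@dataclass
class Rule:
    effect: str                        # "allow" or "deny"
    subjects: Optional[Set[str]] = None   # None means "matches any"
    resources: Optional[Set[str]] = None
    actions: Optional[Set[str]] = None

    def matches(self, req: Request) -> bool:
        return ((self.subjects is None or req.subject in self.subjects)
                and (self.resources is None or req.resource in self.resources)
                and (self.actions is None or req.action in self.actions))


@dataclass
class Policy:
    name: str
    default: str                       # "allow" = allow by default, "deny" = deny by default
    rules: List[Rule] = field(default_factory=list)

    def decide(self, req: Request) -> str:
        for rule in self.rules:        # first explicit rule that matches wins
            if rule.matches(req):
                return rule.effect
        return self.default            # nothing matched: the default stance decides


# Allow-by-default, university style: everything is open except the HR system,
# which only HR staff may reach (the explicit allow is listed before the deny).
UNIVERSITY = Policy("university-network", default="allow", rules=[
    Rule("allow", subjects={"hr-staff"}, resources={"hr/payroll"}),
    Rule("deny", resources={"hr/payroll"}),
])

# Deny-by-default, commercial style: only what is listed is permitted.
COMMERCIAL = Policy("commercial-network", default="deny", rules=[
    Rule("allow", subjects={"alice"}, resources={"crm"}, actions={"read"}),
    Rule("allow", subjects={"hr-staff"}, resources={"hr/payroll"}, actions={"read", "write"}),
])


def evaluate_stances(req: Request) -> dict:
    """Decision each stance reaches for the same request (constructed policies)."""
    return {p.name: p.decide(req) for p in (UNIVERSITY, COMMERCIAL)}


# Two independent layers for the defence-in-depth chain: a perimeter filter that
# only exposes the web front end, and application-level authorisation behind it.
PERIMETER = Policy("perimeter-firewall", default="deny", rules=[
    Rule("allow", resources={"web/app"}),
])
APP_AUTHZ = Policy("app-authz", default="deny", rules=[
    Rule("allow", subjects={"alice"}, resources={"web/app"}, actions={"read"}),
    Rule("allow", subjects={"dba"}, resources={"db/customers"}),
])


def defence_in_depth(layers: List[Policy], req: Request):
    """Every layer must independently allow the request; the first deny stops it.
    Returns (decision, name of the layer that denied or None)."""
    for layer in layers:
        if layer.decide(req) == "deny":
            return "deny", layer.name
    return "allow", None


if __name__ == "__main__":
    unlisted = Request("bob", "wiki", "read")
    print("unlisted request:", evaluate_stances(unlisted))
    probe = Request("mallory", "db/customers", "read")
    print("all layers:", defence_in_depth([PERIMETER, APP_AUTHZ], probe))
    # Simulate the perimeter layer failing (misconfigured or bypassed): the
    # application layer still refuses the request on its own.
    print("perimeter removed:", defence_in_depth([APP_AUTHZ], probe))
```

The `unlisted` request is the interesting one: the same request is allowed on the allow-by-default network and refused on the deny-by-default one, purely because of the fallback. In the chain, removing `PERIMETER` changes which layer says no, not the outcome, which is the property the notes describe.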

Individual Points

  • "Prevention is ideal but detection is a must; however detection without response is useless." – Eric Cole
  • Preventive controls on inbound traffic, detective controls on outbound
  • A successful security program integrates effectively with the business or operational goals of an organisation
  • Least privilege
  • Risk Management?
  • Security Domains – Different areas with different risks and controls (e.g. a DMZ compared to the internal LAN)
  • Risk cannot be eliminated, it must be managed
  • Information Governance is the framework, policies, concepts, principles, structures and standards used to protect information assets.

Written by gyp - November 25, 2013 - 295 Views
Tags | cissp, isc, qualification, revision, security
