CISSP certification: Qualitative Risk Analysis.
Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most…
Access Control Defensive Categories and Types: Access Control Types (Many can be multiple types – On the exam look at question content to see which type it is). Preventative: Prevents…
Before you can take the exam you will agree to the ISC² Code of Ethics; they are also very testable on the certification. Learn them. ISC² Code of Ethics You agree…
Defense in Depth – Also called Layered Defense or Onion Defense. We implement multiple overlapping security controls to protect an asset. This applies both to physical and logical controls. To…
Liability: If the question is who is ULTIMATELY liable, the answer is Senior Leadership. This does not mean you are not liable; you may be, that depends on Due Care.…
Least Privilege and Need to know. Least Privilege – (Minimum Necessary Access) Give users/systems exactly the access they need, no more, no less. Need to know – Even if you…
Identification: Your name, username, ID number, employee number, SSN etc. “I am Thor”. Authentication: “Prove you are Thor”. – Should always be done with Multifactor Authentication! Something you know -…