CISSP Practice question #200

We are implementing governance standard and control frameworks focused on internal risk analysis. What should we implement?
A: COBIT.
B: ITIL.
C: COSO.
D: FRAP

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


D: FRAP (Facilitated Risk Analysis Process) analyses one business unit, application or system at a time in a roundtable brainstorm with internal employees. Impact analyzed, Threats and Risks Prioritized.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

My thoughts on the April 15th CISSP curriculum updates.

TL;DR; No need to buy new study materials, the changes are 1% or less, it is just reshuffling of knowledge areas.

With the updates to the CISSP curriculum I figured I would also give my 2 cents on the updates.

The updates are mostly on the organizational side of the curriculum, and not the actual content. It is mostly renaming, reorganizing and domain weight redistribution.

As a teacher I will buy the new books as soon as they are out (they are already pre-ordered).

If I was studying for the CISSP, I probably would not buy anything to replace my old materials, the changes being 1% actual updates or less.

That really goes for any study materials: Books, videos, practice tests, pod casts, anything.
If you have the 2015 versions, buying newer versions would not help you really.

I am going to update my practice tests in early May with questions from some of the actual updates (attribute-based access control, asset management, more IOT, more AI and some standards).

Previous domain name/weight:                   New domain name/weight:

Domain 1:
Security and Risk Management – 16%        Security and Risk Management – 15%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 2:
Asset Security – 10%                                      Asset Security – 10%
Cryptography moved to domain 3 where it should be and smaller format and name changes of content. 0-1% update on actual curriculum.

Domain 3:
Security Engineering – 12%                            Security Architecture and Engineering – 13%
Mostly format and name changes of content. 1-2% update on actual curriculum, mostly IOT and newer technologies, which are already on the exam and Cryptography being moved in from other domains.

Domain 4:
Communications and Network Security – 12%   Communication and Network Security – 14%
Cryptography moved to domain 3 where it should be and smaller format and name changes of content. 0-1% update on actual curriculum.

Domain 5:
Identity and Access Management – 13%         Identity and Access Management (IAM) – 13%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 6:
Security and Assessment Testing – 11%           Security Assessment and Testing – 12%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 7:
Security Operations – 16%                                 Security Operations – 13%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 8:
Software Development Security – 10%              Software Development Security – 10%
Mostly format and name changes of content. 0-1% update on actual curriculum.

If you have any questions about the upcoming changes feel free to post on this thread.

I hope I can help you get certified,

Thor

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

While the Hawaii Emergency Management Agency says a false missile alert was not a hack, a password in a photo has drawn criticism of its security practices.

Source: www.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

Video highlight from my new free CISSP Essentials course – Life after passing the CISSP certification and being being endorsed.

This is the seventh lecture from my new free CISSP Essentials course.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

Video highlight from my new free CISSP Essentials course – The CISSP exam itself, how to mentally and physically prepare for it.

This is the sixth lecture from my new free CISSP Essentials course.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

How Many (ISC)² Members Are There Per Certification in your country?

See how many CISSP certified people there are in your country and in the world.

Source: www.isc2.org/en/About/Member-Counts

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading