CISSP Study Guide

You may have heard the mantra "think like a manager" numerous times, be it from resources like Re...

Understanding Risks Analysis Formulas Risk analysis can be broken down into two primary methods....

 Supply Chain Risk Management (SCRM) Modern service delivery often involves a chain of multipl...

Type of Law Standard Description Criminal Law Beyond a reasonable doubt Contai...

Data Security Controls When preparing for your CISSP exam, the primary areas to focus on include...

Introduction to Key Concepts We will cover, at a high level, the following concepts which will b...

Common Criteria (CC) - ISO/IEC 15408 Overview: Provides a framework for the security evaluatio...

Microservices and Service Orientated Architecture (SOA) Service-Oriented Architecture (SOA) is a...

Grid Computing Grid computing, a subset of distributed computing, harnesses the power of many lo...

Security Modes Multilevel Mode Designed for systems that handle data of varying classificatio...

CASB (Cloud Access Security Broker) Definition: A CASB is a security solution that sits between ...

Processor States Single State Processors Multi-State Processors Processors restr...

Process Isolation: It's like giving each process its own private room. This ensures a process...

Physical Security Controls Functional Order of Security Controls Stage Purpose Example ...

Post-Quantum Cryptography (PQC) PQC refers to cryptographic algorithms designed to be secure aga...

Understanding the core principles of cryptography is crucial in the journey towards CISSP certifi...

This overview provides an introduction to the basic concepts of codes and ciphers, essential elem...

Public Key Infrastructure (PKI) is an essential framework in cybersecurity that works like a digi...

In short, symmetric cryptography is faster and simpler but lacks scalability, has challenges with...

In the previous pages, we covered discussed encryption as a bidirectional function. Note how encr...

In the realm of cybersecurity, we often encounter various types of attacks. We'll dig deeper into...

Objective Implement secure design principles in network architectures. Secure network compone...

Network Standard Topologies Mesh Topology Description: Every system is connected to every other...

UDP/TCP While TCP focuses on reliability and comprehensive data communication, UDP aims for sp...

Synchronous vs Asynchronous Synchronous Communication: Relies on a timing or clocking mechani...

Network Segmentation Definition: A strategy that divides a network into multiple segments or sub...

Wireless Networks Li-Fi: Uses light for communication, boasting speeds that surpass Wi-Fi. ...

Content Delivery Networks (CDN) A decentralized server network crafted to curtail delays when lo...

Intrusion Detection & Prevention Systems Intrusion Detection Systems (IDS) and Intrusion Prevent...

Firewalls Network security devices that monitor and filter incoming and outgoing network traffic...

Exam Outline Control Physical and logical access to assets Manage identification and authenti...

Security Controls Overview Security controls can be: Implemented Via: Administratively ...

Risk Definition: The potential that a threat can exploit a vulnerability and cause damage...

Common Attacks Spoofed Logon Screen Description: Fake login screen captures user credent...

Key Term Description Examples Subject Active participant that requests access. ...

Introduction Security assessment and testing programs provide a mechanism for validating the ong...

CISSP Domain 7: Security Operations 7.1 Understand and Comply with Investigations 7.2 Conduct...

Limiting Access & Damage Apply the Need-to-Know & Least Privilege theory: Limit access to dat...

Configuration & Change Management Helps in preventing incidents and outages. Configuratio...

Intrusion Systems Intrusion Detection System (IDS) Response Mechanism Passive Response: Logs...

Log Files & Monitoring Log Files Purpose: Record data in databases or files. Types: Authen...

Computer Crime in the Context of CISSP CISSP mainly focuses on US law. A computer crime is a vi...

Difference between BCP and DRP BCP (Business Continuity Planning): Focuses on the whole bu...

What's New in Domain 8? 8.2 Identify and Apply Security Controls in Software Development Eco...

RDBMS Architecture Tables (relations): Comprises multiple attributes or fields. Each attribute c...

Introduction to Machine Learning Machine Learning Techniques Focus on algorithmically disco...

SDLC Phase Steps Phase Name Description Mnemonic ⬇️ Requirements and Analysis In t...

Change, Configuration, and Testing Change and Configuration Management Provides an organized ...

Protection Rings: Protection rings structure privilege levels in a hierarchical manner, typicall...

1, add if you have time 10. The separation of network infrastructure from the control layer, c...