CISSP IT Security Certification

Domain 1: Security and Risk Management

  1. Understand security management concepts and principles including the CIA model (Confidentiality, Integrity and Availability)
  2. Identify Security Controls types and how they work
  3. Discuss the organizational Security Model
  4. Be familiar with the Information Security “Planning Horizon”
  5. Discuss Data Classification and Labelling
  6. Discuss the role of employment policies and practices in Information Security
  7. Define Information Security roles within an organization
  8. Identify and differentiate between policies, standards, baselines, guidelines and procedures
  9. Classify risk management using quantitative and qualitative assessments
  10. Understand the importance of security awareness training

Fundamental Principles of Security

• There are 3 main principles in all security programs:

  1. Availability: Prevents disruption of services and productivity. Examples: redundancy, backup systems
  2. Integrity: Prevents unauthorized modification of systems and information. Examples: intrusion detection and hashing
  3. Confidentiality: Prevents unauthorized disclosure of sensitive information. Examples: encryption, proper personnel training
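The integrity example above (hashing) in working form. This is an added illustration, not part of the original study notes: it records a baseline digest for a small constructed configuration record, then shows that a plain SHA-256 hash detects a modified copy, and why a keyed hash (HMAC) is the stronger integrity control when the attacker could also rewrite the stored hash. The sample data and the integrity key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample record (not from the original page): a small config file body
# and a copy that an attacker has altered.
ORIGINAL = b"allow_remote_admin=false\nmax_sessions=5\n"
TAMPERED = b"allow_remote_admin=true\nmax_sessions=5\n"

# Hypothetical secret known only to the integrity checker. In a real deployment it is
# stored apart from the data it protects (e.g. in a key store), never beside the file.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    """Plain hash: detects accidental corruption or a change made without updating the stored hash."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(data: bytes, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256): without the key an attacker cannot produce a valid tag
    for altered data, so it resists deliberate tampering as well as accidental change."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids timing side channels when comparing digests.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_hmac(data: bytes, key: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hmac_hex(data, key), expected_hex)


def demo() -> dict:
    """Record a baseline for ORIGINAL, then check the untouched and tampered copies."""
    baseline_hash = sha256_hex(ORIGINAL)
    baseline_tag = hmac_hex(ORIGINAL, INTEGRITY_KEY)
    return {
        "original_hash_ok": verify_hash(ORIGINAL, baseline_hash),
        "tampered_hash_ok": verify_hash(TAMPERED, baseline_hash),
        "original_hmac_ok": verify_hmac(ORIGINAL, INTEGRITY_KEY, baseline_tag),
        "tampered_hmac_ok": verify_hmac(TAMPERED, INTEGRITY_KEY, baseline_tag),
        # Limitation of the plain hash: whoever can rewrite the file can recompute and
        # replace the stored hash too, so the check passes. An HMAC without the key cannot be forged.
        "plain_hash_recomputable_by_attacker": verify_hash(TAMPERED, sha256_hex(TAMPERED)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last entry of the result is the point practitioners miss: a hash stored next to the data only protects against accidental change. Pair the hash with a secret key (HMAC), a signature, or read-only storage of the baseline to protect against an adversary.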

Domain 2: Asset Security

  • Understanding Commercial and Government Data Classification
  • Establishing Ownership of Data
  • Addressing Privacy Issues
  • Managing Records Retention
  • Identifying Appropriate Data Security Controls
  • Ensure Proper Handling of sensitive Information Assets

Data Classification

  • Unclassified – The lowest government data classification level is Unclassified; its disclosure causes no harm to national security.
  • Sensitive but Unclassified (SBU) – Sensitive but Unclassified is a common modifier of unclassified information. It generally includes information of a private or personal nature. Examples include test questions, disciplinary proceedings, and medical records.
  • Confidential – Confidential information is information that, if compromised, could cause damage to national security. Confidential is the lowest level of classified government information.
  • Secret – Secret information is information that, if compromised, could cause serious damage to national security. Secret information must normally be accounted for throughout its life cycle, all the way to its destruction.
  • Top Secret – Top Secret information is information that, if compromised, could cause grave damage to national security. Top Secret information may require additional safeguards, such as special designations and handling restrictions.
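The five government levels above form an ordered scale, and labelling (objective 5 in Domain 1) is only useful if systems can compare labels consistently. The following is an added example, not part of the original notes: it normalises the marking strings seen on documents into the page's five levels and applies the usual rule that a holder may receive a document only when their clearance level is at least the document's level. The marking aliases and the clearance-dominance rule are assumptions for the illustration, not something the notes state.

```python
from enum import IntEnum


class Classification(IntEnum):
    """Government levels from the page, ordered from least to most harmful if disclosed."""
    UNCLASSIFIED = 0
    SBU = 1          # Sensitive but Unclassified
    CONFIDENTIAL = 2
    SECRET = 3
    TOP_SECRET = 4


# Assumed marking spellings as they might appear on a document header (constructed list).
_ALIASES = {
    "U": Classification.UNCLASSIFIED,
    "UNCLASSIFIED": Classification.UNCLASSIFIED,
    "SBU": Classification.SBU,
    "SENSITIVE BUT UNCLASSIFIED": Classification.SBU,
    "C": Classification.CONFIDENTIAL,
    "CONFIDENTIAL": Classification.CONFIDENTIAL,
    "S": Classification.SECRET,
    "SECRET": Classification.SECRET,
    "TS": Classification.TOP_SECRET,
    "TOP SECRET": Classification.TOP_SECRET,
}


def parse_label(marking: str) -> Classification:
    """Normalise case, hyphens and spacing; reject unknown markings rather than guessing.

    Fail closed: an unparseable label must never silently become Unclassified."""
    key = " ".join(marking.replace("-", " ").replace("_", " ").upper().split())
    if key not in _ALIASES:
        raise ValueError(f"unknown classification marking: {marking!r}")
    return _ALIASES[key]


def may_disclose(document: Classification, clearance: Classification) -> bool:
    """Assumed rule: disclosure is permitted only when clearance dominates the document level."""
    return clearance >= document


def requires_lifecycle_accounting(level: Classification) -> bool:
    """Per the notes, Secret information (and therefore anything above it) is accounted for
    throughout its life cycle."""
    return level >= Classification.SECRET


if __name__ == "__main__":
    # Constructed sample: a document marked "Top-Secret" and a holder cleared to Secret.
    doc = parse_label("Top-Secret")
    holder = parse_label("secret")
    print(f"document={doc.name} holder={holder.name} disclose={may_disclose(doc, holder)}")
```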