CISSP Security Domains Overview

Questions and Answers

What does authorization depend on?

• Level of digital evidence collected
• Type of security incident
• User's identity confirmation (correct)
• User’s activity history

Which of the following best describes accountability in security?

• Preventing unauthorized access to data
• Implementing new security measures
• Conducting audits for compliance
• Monitoring and recording user actions (correct)

What is a purpose of conducting security control testing?

• Collecting user login attempts
• Evaluating if controls achieve organizational goals (correct)
• Recording user actions for accountability
• Identifying user access levels

What action should be taken immediately after identifying a security incident?

Begin investigations with a sense of urgency (B)

What is one outcome of a digital forensic investigation?

Determining how the breach occurred (A)

Which method could be implemented to enhance security against threats?

Requiring multi-factor authentication (C)

Regularly collecting and analyzing security data helps in preventing what?

Threats and risks to the organization (C)

Which aspect is NOT part of security operations?

Monitoring user login attempts (D)

What characterizes a low-risk asset?

Public information that does not cause financial damage if compromised (B)

Which type of asset is most likely to cause severe damage if compromised?

High-risk asset (A)

What must be present for a risk to exist?

Both a vulnerability and a threat (A)

Which of the following is considered a vulnerability?

An outdated firewall (A)

What is ransomware primarily defined as?

A malicious attack demanding payment for data access (A)

Which of the following can be a result of a ransomware attack?

Unusable devices and encrypted confidential data (B)

What role do people's actions play in organizational security?

They can significantly affect the internal network's security (C)

How can ransom negotiations and data leaks occur?

Through the dark web (C)

What is the primary purpose of shared responsibility in security architecture?

To ensure all individuals contribute to risk management and security (D)

Which principle ensures that users only have access to the resources necessary for their roles?

Least privilege (A)

In communication and network security, what should organizations discourage to protect against vulnerabilities?

Accessing data over public Wi-Fi networks (A)

What is the main goal of Identity and Access Management (IAM)?

To reduce the overall risk to systems and data through access control (A)

What does the principle of 'fail securely' refer to in secure design architecture?

Ensuring that the system defaults to a secure state in failure scenarios (B)

How does threat modeling help in security architecture?

By identifying and mitigating potential security vulnerabilities (D)

Which component of Identity and Access Management ensures that a user's identity is confirmed?

Identification (D)

What is the primary focus of software development security?

Implementation of secure coding practices (B)

What approach does 'Trust but verify' advocate in security practices?

To maintain verification processes even for trusted users (A)

Why is it important to integrate security into the software development lifecycle?

To ensure that security is considered at every phase (A)

Which of the following is NOT a component of incident management in cybersecurity?

Designing user interfaces (A)

What role do playbooks serve in cybersecurity?

They guide incident response strategies (B)

What is a crucial step in ensuring application security during software development?

Performing application security tests (D)

What should cybersecurity professionals do once a threat is identified?

Work diligently to keep data safe from threat actors (A)

How do SIEM tools contribute to cybersecurity?

By collecting and analyzing security data (A)

Which of the following describes a key benefit of secure coding practices?

They ensure applications are secure and reliable (A)

What does the surface web primarily consist of?

Content that can be accessed using a web browser (D)

Which of the following best describes the deep web?

Requires authorization to access (B)

What is a significant risk of storing personally identifiable information (PII)?

It can be sold or leaked through the dark web (C)

Which consequence can result from an organization's assets being compromised?

Significant financial consequences (C)

What is a potential impact of an exploited vulnerability on an organization?

Loss of customer trust and reputation (D)

Which layer of the web is commonly associated with criminal activities due to its secrecy?

Dark web (A)

What motivates organizations to implement security measures?

To prevent significant impacts from threats and vulnerabilities (A)

Which of the following is NOT a key impact related to threats and vulnerabilities?

Improved market share (D)

What does the authorization step in the NIST RMF include?

Establishing project milestones (D)

Which step of the NIST RMF is defined as assessing if established controls are implemented correctly?

Assess (C)

In the context of risk management, what is considered a vulnerability?

A weakness that can be exploited by a threat (B)

What does the monitoring step in the NIST RMF ensure?

That procedures are working as intended (C)

Which of the following best describes 'shared responsibility' in an organization?

A collaborative approach to managing risks (D)

What is meant by the term 'ransomware'?

An attack where data is encrypted for payment (D)

Which of the following statements about 'risk mitigation' is accurate?

It involves establishing procedures to minimize impact (B)

Why is it important to monitor systems as described in the NIST RMF?

To ensure systems align with security goals (B)

Flashcards

Authentication

The process of verifying a user's identity.

Authorization

The process of determining what a user is allowed to access after their identity is verified.

Accountability

The process of monitoring and recording user actions to ensure systems and data are used properly.

Security Control Testing

Testing security controls to identify weaknesses and improve security measures.

Security Data Analysis

The process of analyzing security data to identify threats, risks, and vulnerabilities.

Security Audit

A formal examination of security controls to ensure they are effective and meet organizational goals.

Security Operations

The process of investigating security incidents, mitigating risks, and implementing preventive measures.

Digital Forensic Investigation

Investigating a security breach to determine how it occurred and what needs to be done to prevent future attacks.

Shared Responsibility

A security principle where everyone in an organization takes responsibility for protecting its assets and data, both physically and virtually.

Least Privilege

A security practice that limits user access to only the resources they require to perform their job.

Defense in Depth

A security strategy that implements multiple layers of defense to protect against attacks.

Fail Securely

A system that fails in a way that minimizes damage or disruption.

Separation of Duties

A security practice where different tasks are assigned to different individuals to prevent fraud or errors.

Keep it Simple

The concept of designing systems that are as simple as possible to reduce complexity and security risks.

Zero Trust

A security approach that assumes no user or device can be trusted by default and requires strict verification for every access attempt.

Trust but Verify

A security principle that involves verifying the identity of users and devices before granting access to resources.

Cybersecurity Incident Response

Involves implementing various strategies and tools to identify, prevent, and respond to cyber threats.

Training and Awareness

Enhancing awareness of cybersecurity risks and best practices among employees.

Reporting and Documentation

Documenting and analyzing suspicious activities or security events.

Intrusion Detection and Prevention

Systems that monitor network traffic and identify potential intrusions.

SIEM Tools

Tools that aggregate and analyze security logs from various sources for threat detection.

Log Management

Collecting, managing, and analyzing logs from different systems to identify security events.

Incident Management

A structured process for dealing with cybersecurity incidents, from detection to resolution.

Playbooks

Step-by-step instructions for handling specific cybersecurity incidents.

Medium-risk asset

Information that's not available to the public, and if compromised, could cause some damage to an organization's finances, reputation, or ongoing operations.

Low-risk asset

Information that holds no real risk for an organization if it's compromised.

High-risk asset

Information that's protected by laws or regulations, and if compromised, could severely hurt an organization's finances, reputation, and ongoing operations.

Vulnerability

A weakness that can be exploited by a threat, leading to a security risk.

Ransomware

A malicious attack where threat actors encrypt an organization's data and then demand payment to restore access.

Decryption key

A password that unlocks data encrypted by ransomware.

Dark web

An online marketplace where cybercriminals communicate and trade stolen data and malicious tools.

People as a vulnerability

An individual's actions can significantly impact an organization's internal network security, making it important for all users to be security-conscious.

Surface Web

The most visible part of the internet, accessible through standard web browsers. It includes websites, social media, news articles, online shopping, and other publicly available content.

Cybersecurity Risk

The potential for harm or loss to an organization's assets, reputation, or operations due to cybersecurity threats.

Final Impact of a Cyberattack

The direct consequences experienced by an organization after a successful cyberattack. This can include financial losses, operational disruption, and reputational damage.

Identity Risk

The risk of unauthorized access, disclosure, or misuse of sensitive information like personal data (PII), leading to identity theft, fraud, and reputational damage.

Damage to Reputation

The negative impact on an organization's reputation due to a cyberattack. This can lead to loss of customer trust, reduced business opportunities, and decreased brand value.

Risk Mitigation

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach.

Categorize

The second step of the NIST RMF that is used to develop risk management processes and tasks.

Authorize

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that may exist in an organization.

Monitor

The seventh step of the NIST RMF that means be aware of how systems are operating.

Risk

Anything that can impact the confidentiality, integrity, or availability of an asset.

Assess

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly.

Business Continuity

An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans.

Study Notes

CISSP Security Domains, Part 1

• There are 8 security domains identified by CISSP
• Security posture describes an organization's ability to manage its defenses of assets.
• Security and risk management focuses on security goals, objectives, risk mitigation, compliance, business continuity, and legal regulations.

Security and Risk Management

• Defining security goals and objectives allows organizations to reduce risks to assets like Personally Identifiable Information (PII).
• Risk mitigation involves having the right processes and rules to quickly reduce the impact of potential breaches.
• Compliance relates to establishing internal security policies, regulatory requirements, and independent standards.
• Business continuity plans address an organization's ability to maintain daily productivity during disruptions.
• Legal regulations guide security and risk management, emphasizing ethical behavior to minimize negligence, abuse, or fraud.

Asset Security

• This domain focuses on securing digital and physical assets
• It includes storing, maintaining, retaining, and destroying data (e.g., PII, SPII).
• Organizations need policies for secure handling and protection of assets, whether stored digitally or physically.

Security Architecture and Engineering

• Effective data security relies on appropriate tools, systems, and processes.
• Shared responsibility means all individuals contribute to physical and virtual security.
• Design principles, such as threat modeling, least privilege, defense in depth, secure privilege, separation of duties, keeping it simple, zero trust, and verifying trust, are part of secure design architectures.

Communication and Network Security

• This domain manages physical and wireless networks to ensure secure communication.
• Secure networks protect data and communications, whether on-site, in the cloud, or remote.
• Employees should be protected in public spaces from insecure communications (Wi-Fi, Bluetooth).

Identity and Access Management (IAM)

• This domain controls and manages asset access by users.
• IAM keeps systems and data secure by limiting access to only needed levels.
• Four main components of IAM include identification, authentication, authorization, and accountability.

Assessment and Testing

• This domain conducts security control testing, collects and analyzes data, and performs security audits to monitor risks, threats, and vulnerabilities.
• Security testing helps identify better ways to mitigate risks, threats, and vulnerabilities.
• Analyst might use security control testing evaluations and security assessment reports to improve existing controls or implement new controls.

Security Operations

• Security operations conduct inquiries and preventative measures once a security incident is identified.
• Minimizing potential risk, mitigating attacks, and conducting forensic investigation are essential aspects of this domain.
• Tools and strategies used include training and awareness, reporting, intrusion detection, incident management, log management, and post-breach forensics.

Software Development Security

• Secure coding practices are crucial for creating secure applications and services.
• Secure software development lifecycle ensures security is integrated into each phase, from design and development to testing and release.
• Security tests and reviews (design, code, penetration) are performed during different stages of development to identify and mitigate vulnerabilities.