CISSP Security Domains - Part 1
48 Questions

Questions and Answers

What is the primary purpose of the CISSP security domains?

  • To conduct financial audits
  • To develop new software security solutions
  • To regulate global security laws
  • To organize daily tasks and identify security gaps (correct)

Security posture refers to an organization's ability to manage its defenses and respond to changes.

True (A)

Name one of the processes involved in risk mitigation.

Having the right procedures and rules in place.

The domain focused on securing digital and physical assets is called ______.

Asset security

Match the following CISSP security domains with their focus:

  • Security and Risk Management = Defining security goals and compliance
  • Asset Security = Securing digital and physical assets
  • Incident Response = Responding to security incidents
  • Cloud Security = Securing cloud-based environments

Which of the following is NOT a component of security and risk management?

Social media policies (C)

Legal regulations governing security are uniform across all countries.

False (B)

What type of information should organizations ensure is properly destroyed?

Personally identifiable information (PII) or sensitive personally identifiable information (SPII).

What does authorization relate to in an organization?

Level of access based on roles (C)

Security control testing is not necessary for identifying risks and vulnerabilities.

False (B)

What process begins once a security incident has been identified?

Investigation

What does the concept of 'shared responsibility' imply in an organization?

All individuals within the organization play a role in maintaining security. (A)

To ensure improved security, organizations may implement _____ authentication.

multi-factor

Match the following terms with their respective definitions:

  • Authorization = Determines level of access based on user roles
  • Accountability = Monitoring and recording user actions
  • Assessment and Testing = Conducting security control testing and audits
  • Security Operations = Investigating security incidents and implementing measures

The concept of 'defense in depth' means relying solely on a single security measure.

False (B)

What is the primary focus of communication and network security?

Managing and securing physical networks and wireless communications.

Which of the following is a key focus of security operations?

Investigating security incidents (A)

The goal of IAM is to reduce the overall risk to ________ and data.

systems

Accountability is related to determining the identity of users.

False (B)

What is the purpose of conducting security audits?

To monitor for risks, threats, and vulnerabilities.

Match the IAM components with their descriptions:

  • Identification = Verifies who a user is.
  • Authentication = Confirms a user's identity.
  • Authorization = Determines what a user can access.
  • Accountability = Tracks user activities and access.

Which of the following principles emphasizes that not all users should have the same level of access?

Least privilege (C)

Using public Wi-Fi hotspots is always secure if a VPN is used.

False (B)

What is one example of a risky behavior that employees can practice when working remotely?

Using insecure Bluetooth connections.

What is the layer of the web that most people use?

Surface web (C)

The dark web can be accessed using a standard web browser.

False (B)

What type of data does PII refer to?

Personally identifiable information

The _____ web generally requires authorization to access it.

deep

Match the following layers of the web with their descriptions:

  • Surface web = Content accessible via a standard web browser
  • Deep web = Requires authorization to access
  • Dark web = Accessible using special software and often associated with criminal activity

Which of the following is NOT a key impact of threats, risks, and vulnerabilities?

Cost of web development (A)

Secrecy of the dark web is beneficial for businesses seeking to protect sensitive data.

False (B)

What should organizations implement to prevent the impacts of threats, risks, and vulnerabilities?

Proper security measures and protocols

What is the first step of the NIST Risk Management Framework?

Prepare (B)

The 'Select' step involves implementing security and privacy plans.

False (B)

What does the 'Assess' step of the RMF focus on?

Determining if established controls are implemented correctly.

In the NIST RMF, the step that involves being accountable for security risks is called __________.

Authorize

Which step involves developing processes to manage risks to critical assets?

Categorize (C)

Match the following steps of the RMF with their main focus:

  • Prepare = Monitor risks and identify controls
  • Select = Choose and customize controls
  • Implement = Execute security plans
  • Assess = Determine if controls are effective

The 'Implement' step is not essential for minimizing ongoing security risks.

False (B)

Name one activity involved in the 'Prepare' step of the RMF.

Monitoring for risks.

Which step of the NIST RMF involves determining if established controls are implemented correctly?

Assess (A)

The Monitor step of the NIST RMF is the final step in the risk management framework.

False (B)

What is the main goal of business continuity?

To maintain everyday productivity by establishing risk disaster recovery plans.

The __________ represents anything that can impact the confidentiality, integrity, or availability of an asset.

risk

Which of the following best defines 'Social engineering'?

A manipulation technique that exploits human error to gain private information (A)

Match the following NIST RMF steps with their descriptions:

  • Prepare = Activities necessary to manage security before a breach
  • Categorize = Develop risk management processes
  • Select = Choose and document controls
  • Implement = Put security plans into effect

External threats are those that originate from within the organization.

False (B)

A __________ is a weakness that can be exploited by a threat.

vulnerability

Flashcards

Security Posture

An organization's ability to protect its critical assets and data, react to change and manage its security defenses.

Security and Risk Management

The process of identifying, assessing, and mitigating risks to critical assets and data.

Defining Security Goals and Objectives

The process of defining security goals and objectives to reduce risks to critical assets and data, like PII.

Risk Mitigation Processes

Having the right procedures and rules in place to quickly reduce the impact of a security risk like a breach.

Compliance

A primary method for developing internal security policies, regulatory requirements, and independent standards.

Business Continuity Plan

An organization's ability to maintain everyday productivity by establishing risk and disaster recovery plans.

Vulnerability Management

The process of identifying, controlling, and mitigating vulnerabilities within systems and applications.

Asset Security

Securing digital and physical assets, including data storage, maintenance, retention, and destruction.

Authorization

Refers to granting access to resources based on a user's verified identity and their specific role in the organization.

Accountability

Involves monitoring and recording user actions to ensure responsible system and data usage.

Assessment and Testing

Focuses on testing security controls, analyzing data, and conducting audits to identify and mitigate risks, threats, and vulnerabilities.

Security Assessment

This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

Security Control Testing

Examining organizational goals and objectives to ensure the implemented security controls are effectively achieving them.

Security Data Analysis

The process of gathering, analyzing, and using security data to identify and prevent threats.

Security Audit

A formal examination of an organization's security posture to identify and assess vulnerabilities and risks.

Security Operations

This domain focuses on investigating security incidents, implementing preventive measures, and conducting forensic investigations.

Least Privilege

A security principle that involves minimizing the permissions granted to users, applications, or systems. This helps reduce the potential impact of a security breach by limiting access to only what is necessary for the task at hand.

Defense in Depth

A security strategy that uses multiple layers of protection to defend against attacks. Each layer acts as a barrier, making it more difficult for attackers to compromise the system.

Fail Securely

A security principle that requires systems to fail in a secure state, minimizing the risk of data compromise or system disruption.

Separation of Duties

A security principle that involves distributing critical tasks among multiple individuals to prevent any single person from having complete control over sensitive operations.

Keep it Simple

A security principle that aims to simplify system design and configurations to reduce potential vulnerabilities and complexity.

Zero Trust

A security model that assumes no user or device can be trusted by default, requiring strong authentication and authorization for every access request.

Trust but Verify

A security principle that involves verifying the identity and trustworthiness of users, applications, and devices before granting access.

Threat Modeling

The process of identifying potential security threats and vulnerabilities in a system or application. This helps to understand the risks and prioritize mitigation efforts.

Surface Web

The most commonly accessed portion of the internet, containing content accessible through standard web browsers. Think of it like the surface of the ocean.

Deep Web

Part of the internet that requires authorization to access, often used by organizations for internal data and applications. Imagine it as the underwater portion of the ocean.

Dark Web

Part of the internet accessible using specific software and often associated with illegal activities due to its anonymity and encrypted nature. Picture it as the deepest, darkest part of the ocean.

Financial Impact

The financial consequences experienced when an organization's systems or data are compromised by cyberattacks. Think of it like the impact of a tsunami on a coastal city.

Data Storage Risk

The potential harm caused by storing sensitive information, such as customer data, on an organization's systems. Think of it like a treasure chest on a beach, attracting pirates.

Reputation Damage

The negative impact on an organization's reputation and public perception due to data breaches or security vulnerabilities. Think of it like a tsunami causing a beach to disappear.

PII

Personally Identifiable Information, like names, addresses, and social security numbers, often targeted by attackers for illegal gains.

Threat Actors

Individuals or groups who exploit vulnerabilities in systems or data for malicious purposes, often using the dark web for anonymity and illegal activities.

Prepare (RMF Step 1)

The first stage of the Risk Management Framework (RMF), focusing on preparing for security risks by monitoring and identifying mitigating controls.

Categorize (RMF Step 2)

Categorizing assets by their sensitivity to risk, determining how confidentiality, integrity, and availability could be impacted.

Select (RMF Step 3)

Choosing, customizing, and documenting security controls that protect an organization's assets.

Implement (RMF Step 4)

Putting security and privacy plans into action within an organization.

Assess (RMF Step 5)

Evaluating whether implemented controls are working effectively in protecting against risks.

Authorize (RMF Step 6)

Taking responsibility for remaining security and privacy risks within an organization.

NIST Risk Management Framework (RMF)

A framework developed by NIST, providing a structured process for managing security and privacy risks.

Risk Management

The process of identifying, assessing, and mitigating risks to key assets within an organization.

Ransomware

A malicious attack where threat actors encrypt an organization's data and demand payment to restore access.

Assess

The fifth step of the NIST RMF where you check if the implemented controls are working as intended.

External threat

Anything outside the organization that could harm its assets. Imagine a storm threatening a building or hackers targeting a website.

Risk mitigation

The process of having the right procedures and rules in place to quickly reduce the impact of a risk.

Authorize

The sixth step of the NIST RMF where you take responsibility for the security and privacy risks within the organization.

Internal threat

A current or former employee, external vendor, or trusted partner who poses a security risk.

Categorize

The second step in the NIST RMF process where you analyze the type of information you handle and the risks associated with it.

Shared responsibility

The idea that everyone in an organization is responsible for maintaining security.

Study Notes

CISSP Security Domains - Part 1

  • CISSP defines eight security domains that help security teams organize their daily tasks and identify gaps in their security posture.

Security and Risk Management

  • Defining security goals and objectives: Reducing risks to critical assets, like personally identifiable information (PII).
  • Risk mitigation: Implementing procedures to minimize the impact of potential breaches.
  • Compliance: Developing internal security policies based on regulatory requirements and independent standards.
  • Business continuity plans: Ensuring an organization's ability to maintain productivity during disasters.
  • Legal regulations: Adhering to global security and risk management laws and regulations to minimise negligence, abuse, or fraud.

Asset Security

  • Securing digital and physical assets: Protecting data stored on computers, transferred over networks, or physically collected.
  • Data storage, maintenance, retention, and destruction: Establishing policies that ensure proper handling throughout an asset's lifecycle.
  • Data access policies: Understanding who has access to specific data and ensuring privacy.

Security Architecture and Engineering

  • Shared responsibility: Every individual is responsible for security, and users are encouraged to report concerns.
  • Threat modeling: Identifying potential threats to the security of a system.
  • Least privilege: Granting users only the access levels they need.
  • Defense in depth: Implementing multiple layers of security controls.
  • Fail securely: Ensuring a system falls back to a secure state when a security control fails.

Communication and Network Security

  • Managing and securing physical and wireless networks: Ensuring network security for on-site communication and remote services.
  • Remote work security: Implementing security measures that protect employees who work remotely from public spaces.

Identity and Access Management (IAM)

  • Controlling access to data and assets: Establishing and following policies for controlling and managing data assets.
  • Limiting user access: Limiting access levels based on the specific needs of an employee.
  • Identification methods: Verifying user identities through methods like usernames, passwords, access cards, and biometrics.
  • Authorization: Granting suitable access based on the employee's role and responsibilities.
  • Accountability: Recording user activities and login attempts to ensure proper security procedures are followed.

Assessment and Testing

  • Conducting security control testing: Evaluating existing security controls to ensure they are sufficient.
  • Collecting and analyzing security data: Regularly analysing data to identify existing risks.
  • Security audits: Conducting regular audits to monitor for risks, threats, and vulnerabilities.

Security Operations

  • Conducting investigations: Responding to security incidents.
  • Implementing preventative measures: Developing preventive measures to reduce risk.
  • Digital forensics: Investigating breaches to determine cause and effect.

Software Development Security

  • Secure coding practices: Employing security practices throughout the software development lifecycle.
  • Security testing: Performing security tests to identify and mitigate vulnerabilities.
  • Security considerations throughout the entire development lifecycle: Designing and integrating security into each software development stage.

Description

Explore the first part of the CISSP security domains, focusing on Security and Risk Management, along with Asset Security. Learn about defining security goals, risk mitigation, compliance, and maintaining business continuity. Gain insights into protecting digital and physical assets as part of a comprehensive security strategy.