WK 1 Security Domains Flashcards

1
Q

Why are the CISSP security domains important?

A

Security teams use them to organize daily tasks and identify gaps in security that could cause negative consequences for an organization, and to establish their security posture.

2
Q

Security Posture

A

Security posture refers to an organization’s ability to manage its defense of critical assets and data and react to change.

3
Q

Domain 1: Security and Risk Management

5 focus areas

A

Focused on…

  1. Defining security goals and objectives
  2. Risk Mitigation
  3. Compliance
  4. Business continuity
  5. Legal Regulations
4
Q

Domain 1: Security and Risk Management

Focus area 1: Defining security goals and objectives

What’s the importance of this focus area?

A

Organizations can reduce risks to critical assets and data like personally identifiable information (PII).

5
Q

Domain 1: Security and Risk Management

Focus area 2: Risk Mitigation

What’s the importance of this focus area?

A

Risk mitigation means having the right procedures and rules in place to quickly reduce the impact of a risk like a breach.

6
Q

Domain 1: Security and Risk Management

Focus area 3: Compliance

What’s the importance of this focus area?

A

Compliance is the primary method used to develop an organization’s internal security policies, regulatory requirements, and independent standards.

7
Q

Domain 1: Security and Risk Management

Focus area 4: Business Continuity

What’s the importance of this focus area?

A

Business continuity relates to an organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans.

8
Q

Domain 1: Security and Risk Management

Focus area 5: Legal Regulations

What’s the importance of this focus area?

A

While laws related to security and risk management are different worldwide, the overall goals are similar. As a security professional, this means following rules and expectations for ethical behavior to minimize negligence, abuse, or fraud.

9
Q

Domain 2: Asset Security

What is Asset Security?

A

The asset security domain is focused on securing digital and physical assets. It’s also related to the storage, maintenance, retention, and destruction of data.

10
Q

Domain 2: Asset Security

Why is Asset Security important?

A

Knowing what data you have and who has access to it is necessary for having a strong security posture that mitigates risk to critical assets and data.

11
Q

Domain 3: Security Architecture and Engineering

What is the focus?

A

This domain is focused on optimizing data security by ensuring effective tools, systems, and processes are in place to protect an organization’s assets and data.

12
Q

Domain 4: Communication and Network Security

What is the focus?

A

Mainly focused on managing and securing physical networks and wireless communications.

Secure networks keep an organization’s data and communications safe whether on-site, or in the cloud, or when connecting to services remotely.

13
Q

Domain 5: Identity and access management (IAM)

What is the focus?

A

Focused on access and authorisation to keep data secure by making sure users follow established policies to control and manage assets.

As an entry-level analyst, it’s essential to keep an organization’s systems and data as secure as possible by ensuring user access is limited to what employees need.

Basically, the goal of IAM is to reduce the overall risk to systems and data.

There are four main components to IAM.

Identification
Authentication
Authorisation
Accountability

14
Q

Domain 6: Security Assessment and Testing

What is the focus?

A

This domain focuses on conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.

15
Q

Domain 7: Security Operations

What is the focus?

A

The security operations domain is focused on conducting investigations and implementing preventative measures. Investigations begin once a security incident has been identified.

16
Q

Domain 8: Software Development Security

What is the focus?

A

This domain focuses on using secure coding practices. As you may remember, secure coding practices are recommended guidelines that are used to create secure applications and services.

The software development lifecycle is an efficient process used by teams to quickly build software products and features.

17
Q

Threat

A

A threat is any circumstance or event that can negatively impact assets.

One example of a threat is a social engineering attack. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Malicious links in email messages that look like they’re from legitimate companies or people are one method of social engineering known as phishing.

As a reminder, phishing is a technique that is used to acquire sensitive data, such as user names, passwords, or banking information.

18
Q

Risks

A

Risks are different from threats. A risk is anything that can impact the confidentiality, integrity, or availability of an asset. Think of a risk as the likelihood of a threat occurring.

An example of a risk to an organization might be the lack of backup protocols for making sure its stored information can be recovered in the event of an accident or security incident.

Organizations tend to rate risks at different levels: low, medium, and high, depending on possible threats and the value of an asset.

19
Q

Low risk asset

A

Information that would not harm the organization’s reputation or ongoing operations, and would not cause financial damage if compromised. This includes public information such as website content, or published research data.

20
Q

Medium risk asset

A

A medium-risk asset might include information that’s not available to the public and may cause some damage to the organization’s finances, reputation, or ongoing operations.

For example, the early release of a company’s quarterly earnings could impact the value of their stock.

21
Q

High risk asset

A

Information protected by regulations or laws, which if compromised, would have a severe negative impact on an organisation’s finances, ongoing operations, or reputation.

This could include leaked assets with SPII, PII, or intellectual property.

22
Q

Vulnerability

A

A vulnerability is a weakness that can be exploited by a threat. And it’s worth noting that both a vulnerability and threat must be present for there to be a risk.

Examples of vulnerabilities include: an outdated firewall, software, or application; weak passwords; or unprotected confidential data. People can also be considered a vulnerability.

People’s actions can significantly affect an organization’s internal network. Whether it’s a client, external vendor, or employee, maintaining security must be a united effort.