CISSP Domain 1 Refresh: Security and Risk Management

The Certified Information Systems Security Professional (CISSP) is the ideal certification for infosec professionals. As the survey depicted in the screenshot below shows, acquiring this gold standard certification requires demonstrating that you have enough work experience and passing an exam covering the eight domains of information security.

This article covers the first of those eight domains, Security and Risk Management. 16% of the questions on the CISSP exam come from this domain. In this article, we will focus on each topic covered in the first domain. The topics covered under this domain are:

  • Confidentiality, Integrity, and Availability
  • Security Governance
  • Compliance and Ethics
  • Security Policies
  • Business Continuity
  • Personnel Security
  • Risk Management
  • Threat Modelling
  • Awareness and Training

The CIA triad model is often used when discussing the primary objective of information security. This model captures the three most critical functions that information security performs in an enterprise: confidentiality, integrity, and availability.

Confidentiality guarantees that only authorized individuals have access to information and resources. Malicious individuals seeking to undermine confidentiality are often said to engage in disclosure attacks, making sensitive information available to unauthorized individuals or the general public without the information owners’ consent.

Integrity implies that there must not be any unauthorized changes to the information. These unauthorized changes may come from a hacker looking to purposefully modify data, or from a service disruption that accidentally corrupts data stored in a system. In either case, it is the information security professional’s responsibility to prevent these lapses in integrity.

Availability ensures that authorized people can access data when they require it. If users cannot access essential business records or systems, that lack of availability may have a big impact on the business. Hackers often impede the availability of a system by launching Denial of Service attacks; through these attacks (Read more...)

This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Sumit Bhattacharya. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/KrR6XyX8yVM/