
CISSP Security And Risk Management | CISSP Domain 1: Security And Risk Management | Simplilearn

CISSP is one of the toughest exams in the field of cyber security. It covers 8 domains, and you have to master all of them to clear the exam. This presentation covers the first domain, Security and Risk Management. It is a very interesting domain that explains the CIA triad, information security policies and governance, security controls, compliance, threat, risk and vulnerability, personnel security, and risk management.

These are the topics explained in this CISSP training presentation:
1. What is CISSP?
2. Domains in CISSP
3. Information security
4. Vulnerability, threat, and risk
5. Risk management
6. Roles and responsibilities of management

The Certified Information Systems Security Professional (CISSP) is a globally recognized certification for information technology security professionals. Aligned with the (ISC)² CBK 2018, our CISSP training covers all areas of IT security so you can become a strong information security professional.

CISSP Certification Course Overview:
The CISSP certification training develops your expertise in defining the IT architecture and in designing, building, and maintaining a secure business environment using globally approved information security standards. The course covers industry best practices and prepares you for the CISSP certification exam held by (ISC)².

CISSP Training Key Features:
- 67 hours of in-depth learning
- 5 simulation test papers to prepare you for CISSP certification
- Offers 30 CPEs

Eligibility:
The CISSP certification is the most globally recognized professional requirement in the IT security domain. This CISSP training is best suited for those at the intermediate level of their career, including security consultants/managers, IT directors/managers, security auditors/architects, security system engineers, CIOs, and network architects.

Pre-requisites:
To obtain your CISSP certification, you must have a minimum of five years of full-time professional work experience in two or more of the 8 domains of the CISSP (ISC)² CBK 2018. A qualified individual with less than five years of experience who passes the exam receives the Associate of (ISC)² title.

Learn more at https://www.simplilearn.com/cyber-security/cissp-certification-training


Presentation Transcript


  1. What's in it for you?
  • What is CISSP?
  • Domains in CISSP
  • Information security
  • Vulnerability, threat and risk
  • Risk management
  • Roles and responsibilities of management

  2. What is CISSP?


  4–7. What is the CISSP exam?
  • CISSP is considered the gold standard in the field of information security
  • You will become an information assurance professional after this training
  • To be certified, you must possess a minimum of five years of professional experience in the information security field
  • The passing rate of this exam is less than 50%

  8–12. CISSP - CIA triad
  CISSP starts with the CIA triad. The CIA triad is very important for an organization, and CISSP teaches you how to protect its three principles. Confidentiality, Integrity, and Availability have served as the industry standard for computer security since the time of the first mainframes.
  • Confidentiality: information and functions can be accessed only by authorized parties. Example: military secrets
  • Integrity: information and functions can be added, altered, or removed only by authorized people and means. Example: an incorrect date entered by a user into the database is an integrity failure
  • Availability: systems, functions, and data must be available on demand according to agreed-upon parameters based on levels of service

  13. Domains in CISSP?

  14. Domains in CISSP
  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security

  15. Information security

  16–19. Information security
  Information security is the process of protecting data and information systems. Information security protects data from:
  • Unauthorized access and use
  • Deletion
  • Modification
  • Destruction

  20. Information security - Management
  Information security management ensures the implementation of the following:
  • Information security policies
  • Standards
  • Guidelines
  • Procedures
  • Baselines
  • Risk management
  • Security organization
  • Security education

  21–24. Information security - Governance
  Governance ensures that security strategies are aligned with business objectives and consistent with regulations. Governance guarantees:
  • Appropriate information security activities are being performed
  • Risks are reduced
  • Information security investments are appropriately directed
  • Executive management can determine program effectiveness

  25–27. Information security - Security controls
  Security controls are the measures taken to safeguard an information system against attacks on confidentiality, integrity, and availability. The three categories of security control are:
  • Administrative security controls
  • Technical security controls
  • Physical security controls

  28–31. Information security - Security policies
  A security policy is an overall broad statement produced by senior management that dictates the role of security within the organization. Security policy characteristics:
  • The policy must be generic, non-technical, and easily understood
  • It must integrate security into all business processes
  • It must support the vision and mission of the organization
  • It must be reviewed and modified periodically or as the company changes

  32–33. Information security - Compliance
  Compliance means conforming to a rule, such as a specification, policy, standard, or law. Need for compliance:
  • To protect critical information
  • To ensure controls are in place
  • To protect shareholder interests
  • To understand the requirements for protecting organizational information
  • Failures can lead to loss of customer confidence, competitive advantage, contracts, jobs, etc.
  • Good controls make good business sense

  34. Information security - Code of ethics
  The (ISC)² code of ethics states: "Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behaviour. Therefore, strict adherence to this code is a condition of certification." The four canons are:
  • Protect society, the commonwealth, and the infrastructure
  • Act honourably, honestly, justly, responsibly, and legally
  • Provide diligent and competent service to principals
  • Advance and protect the profession

  35–38. Information security – Legal systems
  Legal systems provide the framework that determines how a country develops laws for information systems. The three legal systems are:
  • Civil law
  • Common law
  • Religious law
  The information security professional should understand the different legal systems followed internationally.

  39–40. Information security – Personnel security
  The people inside the organization need access to data to complete their assigned work and, hence, have the potential to misuse these privileges. Hiring practices include:
  • Perform background checks
  • Get confidentiality agreements signed
  • Get conflict-of-interest agreements signed for positions handling competitive information
  • Get non-compete agreements signed for positions in charge of unique corporate processes

  41. Vulnerability, Threat and Risk

  42–44. Vulnerability, Threat and Risk
  • Vulnerability: a weakness in a system or process. A vulnerability implies the absence of a countermeasure. Vulnerabilities are internal to the organization and therefore more easily managed
  • Threat: the possibility that a vulnerability might be exploited, resulting in loss. Internal threats are controllable; external threats are not
  • Risk: produced when a vulnerability and a threat are both present. If either the threat or the vulnerability is absent, there is no risk

  45–48. Vulnerability, Threat and Risk - Threat categories
  • Natural: fire, tornado
  • Man-made: hacker, theft
  • Technical: software bug, server failure
  • Supply system: electricity, short circuit

  49. Risk management
