CISSP Notes for ISC2 Exam
- Domain 1. Security and Risk Management
- Domain 2. Asset Security
- Domain 3. Security Architecture and Engineering
- Domain 4. Communication and Network Security
- Domain 5. Identity and Access Management (IAM)
- Domain 6. Security Assessment and Testing
- Domain 7. Security Operations
- Domain 8. Software Development Security

- Length of exam: 3 hours
- Number of items: 100 - 150
- Item format: Multiple choice and advanced innovative items
- Passing grade: 700 out of 1000 points
Chapter 1 - Security Governance Through Principles and Policies
Security 101
- Security is essential because it helps to ensure that an organization can continue to exist and operate despite any attempts to steal its data or compromise its physical or logical elements.
- IT and security are different.
- Security is the business management tool that ensures the reliable and protected operation of IT/IS. Security exists to support the organization's objectives, mission, and goals.
- Three common types of security evaluation:
  - Risk Assessment: identifying assets, threats, and vulnerabilities to calculate risk.
  - Vulnerability Assessment: