
Security and Risk Management in CISSP

2019-08-14
Posted by spoto
Category: CISSP

Risk is a crucial element in all our lives. In every action we plan to take in our personal and professional lives, we need to analyze the risks associated with it. From a cybersecurity perspective, industries such as energy, healthcare, banking, insurance, and retail involve many risks that impede the adoption of technology and need to be managed effectively. These risks evolve quickly and must be handled in a short period of time.

Computing technology is not restricted to Mainframes and PCs anymore.

Risk management involves comprehensive understanding, analysis, and risk-mitigating techniques to ensure that organizations achieve their information security objectives. Risk is inherent in every aspect of information security decisions, so risk management concepts help make each decision effective. If you wish to gain a more thorough knowledge of this module, you should take the prep courses offered at SPOTO.


The major components of Security and Risk Management crucial for CISSP are:

  •    Security Model / Information security within the organization
  •    The triad of information security – Confidentiality, Integrity, and Availability
  •    Security governance principles
  •    Business continuity requirements
  •    Policies, standards, procedures, and guidelines
  •    Risk management concepts
  •    Threat modeling

Security Fundamentals

Confidentiality, integrity, and availability (the CIA triad) is a typical security framework intended to guide policies for information security within an organization.

  1. Confidentiality: Prevent unauthorized disclosure

Confidentiality of information refers to protecting the information from disclosure to unauthorized parties.

Key areas for maintaining confidentiality:

  •    Social Engineering: Training and awareness, defining Separation of Duties at the tactical level, enforcing policies and conducting Vulnerability Assessments
  •    Media Reuse: Proper Sanitization Strategies
  •    Eavesdropping: Use of encryption and keeping sensitive information off the network with adequate access controls

  2. Integrity: Detect modification of information

The integrity of information means protecting sensitive information from being modified by unauthorized parties.

Key areas for maintaining integrity:

  •    Encryption – Integrity based algorithms
  •    Intentional or Malicious Modification
  •    Message Digest (Hash)
  •    MAC
  •    Digital Signatures
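
The difference between a message digest and a MAC from the list above, as an added example that is not part of the original article: a plain hash detects a changed message only while the hash itself is out of the modifier's reach, whereas a MAC also detects a replaced message and tag. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from the article).
SHARED_KEY = b"constructed-demo-key"          # known only to sender and receiver
ORIGINAL = b"pay 100 USD to account 12345"
MODIFIED = b"pay 900 USD to account 99999"


def digest_tag(message: bytes) -> str:
    """Message digest: unkeyed, so anyone can recompute it."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(message: bytes, key: bytes) -> str:
    """MAC (HMAC-SHA-256): only holders of the key can compute a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(digest_tag(message), tag)


def verify_mac(message: bytes, tag: str, key: bytes) -> bool:
    # compare_digest compares in constant time, so the check leaks no timing hint.
    return hmac.compare_digest(mac_tag(message, key), tag)


def run_checks() -> dict:
    return {
        # Message changed in transit, tag untouched: a digest catches this.
        "digest_catches_corruption": not verify_digest(MODIFIED, digest_tag(ORIGINAL)),
        # Message and digest both replaced: the digest verifies, change goes unnoticed.
        "digest_catches_replacement": not verify_digest(MODIFIED, digest_tag(MODIFIED)),
        # Same replacement against a MAC: without the key the new tag is invalid.
        "mac_catches_replacement": not verify_mac(
            MODIFIED, mac_tag(MODIFIED, b"not-the-shared-key"), SHARED_KEY),
        # Unmodified message with its genuine tag is accepted.
        "mac_accepts_genuine": verify_mac(
            ORIGINAL, mac_tag(ORIGINAL, SHARED_KEY), SHARED_KEY),
    }


if __name__ == "__main__":
    for check, outcome in run_checks().items():
        print(f"{check}: {outcome}")
```

A digital signature gives the same detection with an asymmetric key pair, so a party that can verify a tag cannot also create one.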

  3. Availability: Provide timely and reliable access to resources

The availability of information signifies ensuring that all the required or intended parties are able to access the information when needed.

Key areas for maintaining availability:

  •    Prevent a single point of failure
  •    Comprehensive fault tolerance for data, hard drives, servers, network links, etc.

Risk Management

Risk management is the process of identifying, examining, measuring, mitigating, or transferring risk. Its main goal is to reduce the probability or impact of an identified risk. The risk management lifecycle includes all risk-related actions such as Assessment, Analysis, Mitigation, and Ongoing Risk Monitoring which we will discuss in the latter part of this article.

The success of a security program can be traced to a thorough understanding of risk. Without proper consideration and evaluation of risks, the correct controls may not be implemented. Risk assessment ensures that we identify and evaluate our assets, then identify threats and their corresponding vulnerabilities.

Risk analysis allows us to prioritize these risks and ultimately assign a dollar value to each risk event. Once we have a dollar value for a particular risk, we can then make an informed decision as to which mitigation method best suits our needs. Finally, as with all elements of a security policy, ongoing evaluation is essential. New attacks and other threats are always emerging, and security professionals must stay informed and up to date.
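
The dollar-value step described above, as an added worked example that is not from the original article. It assumes the standard quantitative formulas, which the article does not spell out (SLE = asset value × exposure factor, ALE = SLE × annualized rate of occurrence), and a constructed risk register; all names and figures are illustrative.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    asset_value: float        # AV, in dollars
    exposure_factor: float    # EF, fraction of the asset lost per event (0..1)
    aro: float                # annualized rate of occurrence, events per year
    control_cost: float       # yearly cost of the candidate safeguard
    aro_with_control: float   # expected ARO once the safeguard is in place

    @property
    def sle(self) -> float:
        """Single loss expectancy: dollars lost in one event."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy without the safeguard."""
        return self.sle * self.aro

    @property
    def safeguard_value(self) -> float:
        """(ALE before) - (ALE after) - (annual cost of the safeguard)."""
        return self.ale - self.sle * self.aro_with_control - self.control_cost


# Constructed register: every figure here is made up for the example.
REGISTER = [
    Risk("Laptop theft", 4_000, 1.0, 5, 25_000, 4),
    Risk("Data-center flood", 2_000_000, 0.25, 0.02, 15_000, 0.01),
    Risk("Ransomware on file server", 400_000, 0.5, 0.5, 30_000, 0.1),
]


def prioritize(register):
    """Rank risks by expected yearly loss, largest first."""
    return sorted(register, key=lambda r: r.ale, reverse=True)


def decide(risk: Risk) -> str:
    """Mitigate only when the safeguard saves more per year than it costs."""
    return "mitigate" if risk.safeguard_value > 0 else "accept or transfer"


if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.name}: ALE ${r.ale:,.0f}, "
              f"safeguard value ${r.safeguard_value:,.0f} -> {decide(r)}")
```

The flood has the largest single loss but the smallest annualized loss, which is why ranking by ALE rather than by asset value changes the order of priorities.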

These are some of the basic topics covered in the Security and Risk Management module of the CISSP. If you wish to learn more about the CISSP exam, you should join the courses offered by SPOTO.