NOTE: These notes are very random and These are some concept but are not in detail and explained enough , so it’s best to treat them as concepts to research on , so do your on deep dive into each of the concepts using Google, Youtube and AI

Created by Salman Al Qureshi Linkedin: Salman Qureshi

http://www.linkedin.com/in/salman-qureshi-4aa41a247

CISSP:

Common Body of Knowledge (CBK)

• In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional should be familiar with, including skills, techniques and best practices. The CBK is organized by domain and is annually gathered and updated by (ISC)2 (International Information Systems Security Certification Consortium) to reflect the most relevant topics within the industry. CISSP CBK domains: The eight CISSP domains are the following:

1. Security and Risk Management. This domain deals with risk management concepts, threat modeling, the security model, security governance principles, business continuity requirements, and policies and procedures.
2. Asset Security. This domain contains topics that involve data management and standards, longevity and use, how to ensure appropriate retention and how data security controls are determined.
3. Security Engineering. This domain tests a candidate on security engineering processes, models and design principles, including database security, cryptography systems, clouds and vulnerabilities.
4. Communications and Network Security. This domain includes network security and the creation of secure communication channels, such as secure network architecture design and components including access control, transmission media and communication hardware.
5. Identity and Access Management. This domain focuses on system access, authorization, identification and authentication, including access control and multifactor authentication.
6. Security Assessment and Testing. This domain covers the tools needed to find vulnerabilities, bugs and errors in code and system security, as well as vulnerability assessment, penetration testing and disaster recovery.
7. Security Operations. This domain deals with digital forensic and investigations, detection tools, firewalls and sandboxing, as well as incident management.
8. Software Development Security. This domain contains information on how to build and integrate security into the software development lifecycle.

Common Terms in Sec

• Governance = How an organization is managed.

• Merger = its when two companies combine into one

• Acquisition = its when one company buys another small company or any company

• Divestitures refer to the process by which a company sells, liquidates, or otherwise disposes of one of its business units, subsidiaries, or assets

• Due diligence is the process of conducting thorough investigations and evaluations about a particular thing—such as a business, investment, or partnership—before making a decision.

• Compliance: Adhering to Rules and StandardsCompliance means conforming to a set of rules, regulations, or standards. It's about acting in accordance with the law, industry best practices, or internal policies.

• Compliance validation refers to the process of assessing whether an individual, organization, system, or process complies with a specific set of rules, regulations, or standards. It is an essential component of ensuring security and adherence to industry best practices. Let's analyze each statement:

BCP A business continuity plan

• is a document that explains the actions you should take before, during and after unexpected events and situations