Memberships

CISSP Study Group

Public • 1k • Free

CISSP Study Group+

Private • 19 • $40/m

178 contributions to CISSP Study Group
Practice Question
ABC is a manufacturing business with branches in England, USA, India, and Mexico. A risk analysis determines that the factory in the USA might be shut down by winter conditions. This happens once every four years. The capacity of the plant is 30% of the company's overall production. A winter shutdown of the USA plant would cost the company an estimated $300,000. What is the single loss expectancy, SLE, of a winter shutdown?

a. $30,000
b. $90,000
c. $60,000
d. $300,000
Cross-Site Scripting (XSS), SQL Injection (SQLi), Cross-Site Request Forgery (CSRF), and Session Hacking
Please see attached documents with highlights over the differences between Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), and Session Hacking
0 likes • 14h
You are welcome 😊
Final Review Document for CISSP Exam (CISSP-Sunflower-Notes)
Please find attached a great summary for your final review prior to your CISSP Exam. This document was created by Maarten De Frankrijker.
0 likes • 14h
You are welcome 😊
Difference between Risk Assessment and Security assessment
Know the main difference between Risk Assessment and Security assessment.

While the terms "risk assessment" and "security assessment" are often used interchangeably, there are key differences in their scope and focus:

Risk Assessment
- Focus: Identifying, analyzing, and evaluating potential risks that could negatively impact an organization's assets, operations, or objectives.
- Scope: Broader scope, considering all types of risks, including security risks, operational risks, financial risks, and strategic risks.
- Methodology: Involves identifying threats, vulnerabilities, and the potential impact of those threats exploiting the vulnerabilities. It aims to determine the likelihood and potential consequences of an event.
- Outcome: Provides a prioritized list of risks based on their potential impact and likelihood, enabling informed decision-making on risk mitigation strategies.
- Example: Assessing the risk of data loss due to a natural disaster, considering factors like the likelihood of a disaster occurring, the vulnerability of data storage facilities, and the potential financial and reputational impact of data loss.

Security Assessment
- Focus: Evaluating the effectiveness of an organization's security controls in protecting its assets and information.
- Scope: Narrower scope, focusing specifically on security-related risks and vulnerabilities.
- Methodology: Involves examining security controls, such as policies, procedures, technical safeguards, and physical security measures, to identify weaknesses and vulnerabilities.
- Outcome: Provides a report on the organization's security posture, highlighting vulnerabilities and recommending improvements to security controls.
- Example: Conducting a penetration test to identify vulnerabilities in a network or performing a security audit to assess compliance with security policies and standards.

Relationship between Risk Assessment and Security Assessment
Security assessments are often a component of a broader risk assessment. The results of a security assessment can provide valuable input for a risk assessment by identifying specific vulnerabilities that could be exploited by threats.
Deep Dive into Security Governance
Security Governance: Security governance is the framework of processes, practices, and programs an organization implements to manage and mitigate cybersecurity risks. It's essentially the strategic approach to ensuring security aligns with the overall business objectives. It is the overarching framework that guides how an organization manages and implements its security program. It's about establishing clear responsibilities, policies, and processes to ensure that security efforts align with business objectives and risk tolerance.

Key Components of Security Governance
- Strategic Alignment: Security initiatives should directly support the organization's overall business strategy. This involves understanding business goals, risk appetite, and legal/regulatory requirements.
- Risk Management: Identifying, assessing, and mitigating security risks is a core function. This includes establishing a risk management framework, conducting regular risk assessments, and implementing appropriate controls.
- Policy and Standards: Clear and comprehensive security policies, standards, and procedures provide a foundation for consistent security practices across the organization.
- Organizational Structure: Defining roles and responsibilities for security is essential. This includes establishing a security team, assigning accountability for security decisions, and ensuring clear lines of communication.
- Compliance: Adhering to relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI DSS) is a critical aspect of security governance.
- Monitoring and Reporting: Regularly monitoring security controls and reporting on their effectiveness is crucial for identifying areas for improvement and demonstrating due diligence.

Principles of Effective Security Governance
- Responsibility: Clearly defined roles and responsibilities for security at all levels of the organization.
- Accountability: Individuals and teams are held accountable for their security-related actions.
- Transparency: Open communication and reporting on security matters.
- Compliance: Adherence to relevant laws, regulations, and standards.
- Continuous Improvement: Regularly reviewing and updating security policies and practices to adapt to evolving threats and business needs.
@fouad-ahmed-2832
Cyber Security professional, very interested in learning the latest in the cybersecurity world as well as knowledge sharing

Active 11h ago
Joined Oct 25, 2024
Boston, MA