Activity
Mon
Wed
Fri
Sun
Aug
Sep
Oct
Nov
Dec
Jan
Feb
Mar
Apr
May
Jun
What is this?
Less
More
Memberships
CISSP Study Group
2.2k members • Free
28 contributions to CISSP Study Group
Sep '25 •
Practice Question – Security Models
You are designing a system for a law firm that represents multiple competing corporations. The system must: - Prevent lawyers from accessing case files of competing clients - Ensure paralegals can enter data but only senior attorneys can approve filings - Maintain confidentiality of client records Which combination of models is most relevant here? A. Bell–LaPadula and Biba B. Clark–Wilson and Brewer–Nash C. Bell–LaPadula and Clark–Wilson D. Brewer–Nash and Biba
0 likes • Sep '25
C
Sep '25 •
CISSP Practice Question – Security & Risk Management (Ethics)
While performing a security assessment for a client, you discover confidential information that suggests the client’s employees are engaging in activity that may be illegal but is unrelated to the scope of your engagement. According to the ISC2 Code of Ethics, what is the BEST action for you to take? A. Report the activity directly to law enforcement. B. Inform your client’s senior management about the findings. C. Document the evidence and keep it in case it’s needed later. D. Ignore the activity since it is outside the scope of your contract.
1 like • Sep '25
The question didn't state that 'you' was a ISC2 Certified professional, so if "you" aren’t certified, the code might not technically apply.
Sep '25 •
Passed The CISSP Exam.
Big news! I'm thrilled to share that I've passed the CISSP exam on my first attempt, finishing at the 100-question mark. This was an intense but rewarding challenge, and my success was powered by a fantastic study stack. A huge thank you to the creators of: *Sybex Official Guide: The Audible version was a game-changer for constant learning. *Destination Certification: Their mind maps and app were crucial for visualizing and practicing concepts. *Cissp.app: An essential tool for drilling questions. *Pete Zerger's exam prep: For providing that critical strategic insight. Leveraging AI tools like Gemini and ChatGPT for dynamic Q&A sessions was also invaluable. Finally, a huge thank you to everyone who shares their knowledge and experiences so openly. I am eager to pay it forward and contribute to the community.
0 likes • Sep '25
@Annette Corona Many thanks.
0 likes • Sep '25
@Andrew Null Andrew Null Many thanks!
Sep '25 •
CISSP Practice Question – Governance & Risk
Senior management has approved funding for a new information security program. The CISO wants to ensure that the program is sustainable and aligned with business strategy. Which of the following is the MOST important first step? A. Develop detailed security policies and procedures for all business units. B. Conduct a comprehensive risk assessment across the organization. C. Implement baseline technical controls to address known vulnerabilities. D. Establish a security steering committee with representation from business leadership.
1 like • Sep '25
B is a good candidate. Conduct a comprehensive risk assessment across the organization. The information gathered during a risk assessment is critical for justifying resource allocation, prioritizing risks, and formulating the strategic objectives that the steering committee will then govern. While a security steering committee is essential for long-term program governance and strategic oversight, it cannot effectively fulfill its purpose without the concrete, data-driven insights provided by a risk assessment. This is my thoughts.
1 like • Sep '25
@Idris Onimole Thanks for the question. The key focus in the question is identifying the "most important first step," which emphasizes the need to prioritize the initial action that sets the foundation for a sustainable and business-aligned information security program. That been said, a CISO do not need a Steering committee to conduct risk assessments. Senior mgt is already aligned with the Security program by approving funds for it. While not strictly necessary for the assessment itself, the committee's involvement can ensure the assessment's findings are prioritized and integrated into broader business goals, making it a complementary step after the initial risk assessment. A security steering committee, typically composed of representatives from business leadership as you rightly noted, functions to provide strategic oversight and direction for the information security program. Its key roles include aligning security initiatives with business objectives, approving policies and budgets, monitoring progress, resolving conflicts, and ensuring the program remains sustainable and effective across the organization. The CISSP exam is a worded exam, candidate must pay close attention to their carefully chosen, precise language in its questions.
Sep '25 •
CISSP Practice Question – Legal & Compliance
An international company processes personal data from customers in the European Union (EU) and stores that data on servers located in the United States. What is the company’s PRIMARY legal obligation under GDPR in this scenario? Comment your answer...
3 likes • Sep '25
The company's primary legal obligation is to ensure a lawful mechanism for transferring personal data outside of the European Union as the company is actively required, to have a valid legal mechanism in place (like Standard Contractual Clauses or certification under the EU-U.S. Data Privacy Framework).
1-10 of 28
Active 115d ago
Joined Apr 12, 2025
Powered by