Scribd Logo
Upload

Welcome to Scribd!

  • Key CISSP Concepts

    Uploaded by

    shakir ahmed
    17 views2 pages
    KT

    Original Title

    Key Terms & Concepts

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    KT

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    17 views2 pages

    Key CISSP Concepts

    Uploaded by

    shakir ahmed
    KT

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    9/30/2018 KEY TERMS & CONCEPTS

    Shakir Goldsmith
    CISSP Notes

    A policy is typically a document that outlines specific requirements or rules that must be
    met. In the information/network security realm, policies are usually point-specific,
    covering a single area. For example, an "Acceptable Use" policy would cover the rules
    and regulations for appropriate use of the computing facilities.

    A standard is typically a collection of system-specific or procedural-specific requirements


    that must be met by everyone. For example, you might have a standard that describes
    how to harden a Windows 8.1 workstation for placement on an external (DMZ) network.
    People must follow this standard exactly if they wish to install a Windows 8.1 workstation
    on an external network segment. In addition, a standard can be a technology selection,
    e.g. Company Name uses Tenable Security Center for continuous monitoring, and
    supporting policies and procedures define how it is used.

    A guideline is typically a collection of system specific or procedural specific "suggestions"


    for best practice. They are not requirements to be met, but are strongly recommended.
    Effective security policies make frequent references to standards and guidelines that exist
    within an organization.

    Network security consists of the policies and practices adopted to prevent and monitor
    unauthorized access, misuse, modification, or denial of a computer network and
    network-accessible resources.

    Network security involves the authorization of access to data in a network, which is


    controlled by the network administrator.

    Users choose or are assigned an ID and password or other authenticating information


    that allows them access to information and programs within their authority.

    The most common and simple way of protecting a network resource is by assigning it a
    unique name and a corresponding password.

    Domains of COBIT5

    1. Plan & Organize


    2. Acquire & Implement
    3. Deliver and Support
    4. Monitor & Evaluate

    Domain 1: Security and Risk Management


    1.1 Security Governance P a g e 1|1

    You might also like