3 February 2025
CISSP - Domain 1 and 2
by ogmini
I’ve started studying for the CISSP exam and what follows is a recap and notes on Domains 1 and 2. So far, I’m finding the material pretty straightforward and things that I’m already doing in my professional life. As everyone says, you need to think like a manager for this certification and I already do.
Domain 1 - Security and Risk Management
- Confidentiality, Integrity, Availability, Authenticity, Nonrepudiation
- Governance Alignment
- Accountability (NOT Delegated) vs Responsibility (Delegated)
- Due Care vs Due Diligence (Proves due care)
- IP Laws, international data laws, privacy
- Different types of data (3P, IP, SD)
- Different authorities
- Risk Management
- Value/Valuation of assets
- Risk Analysis
- Treatment (Avoid, Transfer, Mitigate, Accept)
- Threat Modelling
- Supply Chain Risks
- Training and Education
Domain 2 - Asset Security
- Identification and Classification
- Data Owners and other roles
- Policies for Data Classification
- Data Lifecycle all the way to destruction and archiving
- Data security at rest, in transit, and in use
- DRM
- DLP
tags: certification