Questions tagged [cissp]

CISSP is an abbreviation for Certified Information Systems Security Professional. It is a certification offered by the International Information Systems Security Certification Consortium, AKA (ISC)^2.

The CISSP is a widely recognized certification in the IT Security industry. Its requirements include:

  • Five years of security experience in relevant job roles.
    • One year may be waived for having a four-year college degree, MS in information security, or certain other certifications.
    • Candidates who do not meet this requirement may be certified as an "Associate of (ISC)2" until they obtain the experience, for up to six years.
  • Acceptance of CISSP Code of Ethics.
  • Potential audit of qualifications.
  • Completion of an exam, with an acceptable score.
  • Endorsement by a member of (ISC)2 who is in good standing.
44 questions
3 votes, 2 answers

How exactly are registration authorities related to certificate authorities?

In preparing for the CISSP exam, the course material seems to emphasize a distinct role between a Certificate Authority and a Registration Authority. As per the study guide description: Registration authorities (RAs) assist CAs with the burden of…
Mike B
3 votes, 3 answers

What's the difference between "Due Care" and "Due Diligence"?

Can someone please explain the difference between "due care" and "due diligence"? They seem very similar to one another and after researching more and more, I'm getting confused. One tech book described it like this: Due care is using reasonable…
Mike B
3 votes, 1 answer

Administrative recovery control mentions antivirus - error?

I am reading through Version 7 of the CISSP study guide and stumbled on a possible error. It mentions - in the administrative controls section - that Recovery is a subset/alternate version of corrective controls and include (various), but also…
RLFP
2 votes, 2 answers

Smart cards and firewalls are what type of access control?

Specifically for the CISSP, trying to figure out what type of access control these would be considered.
gorgon112
2 votes, 1 answer

What is the difference between data owner, data custodian and system owner?

I just started studying up for the CISSP and am having trouble understanding a few concepts: Data owner, Data custodian, System owner. Somewhere I read: The data owner (information owner) is usually a member of management who is in charge of a…
kudlatiger
2 votes, 1 answer

CISSP Certification

Possible Duplicate: Good (preferably free) resource for CISSP practice questions I am currently reviewing and aiming for a CISSP certification on the fourth quarter of this year. I've been reading the late Tipton's official isc2 guide for the…
John Santos
2 votes, 2 answers

What's the difference between "access aggregation" and "authorization creep"?

I'm studying for the CISSP and am getting hung up on some terminology. Specifically, I'm confused about the difference between access aggregation and authorization creep. In both cases, it seems to me that individual users are gaining more access…
Mike B
2 votes, 2 answers

Legal risk of unpatched servers

Since one of the 10 domains on the CISSP is legal/governance, I figured this would be the best place to ask. I recently did a security assessment for a non-profit. I found that their systems needed some attention. I want to make it clear to them…
Jeff
2 votes, 3 answers

Confusing definitions of "parasitic virus" and "worm"

I was studying for CISSP certification when I came across the question "what type of virus attaches itself to an executable?" The answer was "parasitic". I find terms relating to viruses and malware to be a bit confusing. I thought all viruses…
Celeritas
2 votes, 1 answer

CISSP Cert: can an IT sales pro pursue CISSP?

I am a sales and product professional who has a total of 9 years of experience in IT, related to selling products indirectly or directly. I started my career working as a product manager for hardware vendors like Dell and HP, but was not selling…
Haseen
1 vote, 0 answers

Best way to get "into the security industry"?

Possible Duplicate: What are the career paths in the computer security field? I've been called a "jack of all trades" guy, who has been working in health care and finance for about seven years. Most of my positions, including my current one of…
mbrownnyc
1 vote, 0 answers

Does the Flurry analytics API break the Australian Privacy Act or any other legal, regulatory, or compliance requirement?

I want to introduce the Flurry API in my iOS app. But I heard that since 2014 Australia has had an act against web pages and mobile apps collecting user information. My question is simple: does using the Flurry API break Australian law, or any kind of…
Yi Jiang
1 vote, 0 answers

What would be the logical approach in breaking down the following scenario in regard to CISSP Domains?

I'm currently doing my Cyber Security Certification program; my fellow classmates and I are in the beginner stages. Over the past few weeks we have been writing up a variety of discussions using Domains 1 to 5; for this week we are given a scenario…
1 vote, 2 answers

What is the difference between concealment and secrecy in the context of confidentiality?

I just started studying up for the CISSP and am having trouble understanding a few concepts. This is regarding confidentiality. Below are some of the aspects of…
kudlatiger
1 vote, 1 answer

Difference between ISO/IEC 27001 and CISSP CBK

Sorry to ask this, I am quite new to the security area. Recently I have been trying to introduce some security standards. After some searching I found this in a doc: Among them, ISO is the best-known standard for ISMS, which helps to establish and…
Hearen