CISSP: Next target

Saurabh Sharma

I just finished my upgrade to Safe Certification and now will be going for CISSP certification. Wish my luck guys!

Some quotes

  • Effective security plans anticipates change, focuses on specific and achievable objectives, potential problems, and serves as the basis of decision making.
  • Operational plans are the shortest and most frequently updated
  • Tactical plans are mid term plans and supports strategical plans.
  • Strategic plans are the long term plans (usually 5 years) and usually includes risk assessment.
  • Data classification is the primary means by which data is protected based on its need for secrecy, sensitivity and confidentiality.
  • Data classification is the process of organizing objects, subjects, items into groups of similarities (value, cost, vulnerability, risk, power, privilege)
  • Stratify the process of organizing and securing data based on assigned labels of importance and sensitivity.
  • Data classification also addresses how data is removed and destroyed.
  • Security policy is used to assign responsibilities, define acceptable risks, define roles, specify audit requirements and indicate compliance.
  • Security policy are not optional rather mandatory.
  • Three types of security policies are regulatory, advisory and informative.

Leave a Reply

Your email address will not be published. Required fields are marked *