CISSP: Next target

Saurabh Sharma

I just finished my upgrade to Safe Certification and now will be going for CISSP certification. Wish me luck, guys!

Some quotes

  • An effective security plan anticipates change, focuses on specific and achievable objectives and potential problems, and serves as the basis of decision making.
  • Operational plans are the shortest and most frequently updated.
  • Tactical plans are mid-term plans and support strategic plans.
  • Strategic plans are the long-term plans (usually 5 years) and usually include risk assessment.
  • Data classification is the primary means by which data is protected based on its need for secrecy, sensitivity and confidentiality.
  • Data classification is the process of organizing objects, subjects and items into groups based on similarities (value, cost, vulnerability, risk, power, privilege).
  • Data classification is used to stratify the process of organizing and securing data based on assigned labels of importance and sensitivity.
  • Data classification also addresses how data is removed and destroyed.
  • Security policy is used to assign responsibilities, define acceptable risks, define roles, specify audit requirements and indicate compliance.
  • Security policies are not optional; they are mandatory.
  • Three types of security policies are regulatory, advisory and informative.