Study Notes: CISSP Security Concepts

Here are my study notes from Security Concepts in the (ISC)² CISSP Official Study Guide.

CIA Triad

Principle        Key concepts
Confidentiality  Sensitivity, Discretion, Criticality, Concealment, Secrecy, Privacy, Seclusion, Isolation
Integrity        Accuracy, Truthfulness, Validity, Accountability, Responsibility, Completeness, Comprehensiveness
Availability     Usability, Accessibility, Timeliness

DAD Triad

The opposite of the CIA Triad. Think of it as the objectives of an adversary.

  • Disclosure
  • Alteration
  • Denial

AAA Framework

The AAA framework consists of the fundamental mechanisms of a secure environment.

(ISC)² separates auditing from accounting. Some organizations and knowledge bases treat auditing and accounting as one category.

Category        Explanation
Identification  Claiming an identity.
Authentication  Proving an identity.
Authorization   Requesting access to a system.
Auditing        Recording events related to the subject and system.
Accounting      Reviewing the event logs.
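To make the five categories concrete, here is an added example (my own illustration, not code from the study guide) that walks one access request through identification, authentication, authorization and auditing, and then performs accounting by reviewing the recorded events. The user names, passwords and the in-memory audit log are constructed sample data; the class and function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _hash_password(password: str, salt: bytes) -> bytes:
    # Credentials are stored as a salted PBKDF2-HMAC-SHA256 hash, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class AAASystem:
    """Minimal in-memory system illustrating the AAA categories (example only)."""
    users: dict = field(default_factory=dict)        # username -> (salt, password hash)
    permissions: dict = field(default_factory=dict)  # username -> set of allowed actions
    audit_log: list = field(default_factory=list)    # recorded events (auditing)

    def add_user(self, username: str, password: str, allowed: set) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _hash_password(password, salt))
        self.permissions[username] = set(allowed)

    def _audit(self, subject: str, event: str, outcome: str) -> None:
        # Auditing: record what happened, whether or not it succeeded.
        self.audit_log.append({"subject": subject, "event": event, "outcome": outcome})

    def request(self, claimed_identity: str, password: str, action: str) -> bool:
        # 1. Identification: the subject claims an identity.
        record = self.users.get(claimed_identity)
        if record is None:
            self._audit(claimed_identity, "identification", "unknown subject")
            return False
        # 2. Authentication: the subject proves the identity with a secret.
        salt, stored = record
        if not hmac.compare_digest(_hash_password(password, salt), stored):
            self._audit(claimed_identity, "authentication", "failed")
            return False
        # 3. Authorization: the requested action is checked against permissions.
        if action not in self.permissions[claimed_identity]:
            self._audit(claimed_identity, f"authorization:{action}", "denied")
            return False
        self._audit(claimed_identity, f"authorization:{action}", "granted")
        return True

    def accounting_report(self) -> dict:
        # 5. Accounting: review the audit log, here by counting failures per subject.
        failures = {}
        for event in self.audit_log:
            if event["outcome"] in ("failed", "denied", "unknown subject"):
                failures[event["subject"]] = failures.get(event["subject"], 0) + 1
        return failures


def demo():
    # Constructed sample data: one legitimate user who may only "read".
    system = AAASystem()
    system.add_user("alice", "correct horse battery staple", allowed={"read"})
    results = [
        system.request("alice", "correct horse battery staple", "read"),    # granted
        system.request("alice", "wrong password", "read"),                  # authentication fails
        system.request("alice", "correct horse battery staple", "delete"),  # authorization denied
        system.request("mallory", "anything", "read"),                      # unknown subject
    ]
    return results, system.accounting_report()


if __name__ == "__main__":
    outcomes, report = demo()
    print("request outcomes:", outcomes)
    print("failures per subject:", report)
```

Note that every branch, including the failed ones, writes to the audit log before returning; accounting only has value if auditing captured the failures as well as the successes.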

Protection Mechanisms

Concept           Key ideas
Defense in Depth  Layered (serial) security is preferred over parallel security.
Abstraction       Classification, categorization and labelling.
Data Hiding       Data is unable to be accessed or seen, not merely hidden from view.
Encryption        Data is scrambled and only readable with the assigned key.

Security Boundaries

The intersection between any two areas, subnets, or environments that have different security requirements or needs.

  • Applies to both physical and digital areas.
  • The perimeter of each security boundary and its respective policies must be clearly defined.
  • All security mechanisms must be weighed against the value of the protected assets.

Security Governance Principles

The collection of practices related to supporting, evaluating, defining, and directing the security efforts of an organization.