CISMP Exam Preparation 2024/2025
Information Assurance - ANSWER-The confidence that systems will protect the information they carry and will function as and when they need to, under legitimate, authorised users.
Information security management system (ISMS) - ANSWER-Preserves the CIA of information by applying a risk management process. The ISMS must be part of, and integrated with, the organisation's processes and management structure, so that information security is considered in the design of processes, information systems and controls.
CIA - ANSWER-Confidentiality, integrity and availability. Confidentiality helps prevent the unauthorised disclosure of data. Integrity provides assurance that data has not been modified, tampered with or corrupted. Availability indicates that data and services are available when needed.
Statement of Applicability (SoA) - ANSWER-A document listing all the controls you have implemented against the risks you have identified.
SIEM - ANSWER-Security Information and Event Management. A software tool that aggregates logs from multiple servers and monitors them.
CTI - ANSWER-Cyber Threat Intelligence.
Risk Assessment - ANSWER-The overall process of risk identification, analysis and evaluation.
Risk treatment - ANSWER-A process to modify risk.
Risk management/evaluation process - ANSWER-Coordinated activities to direct and control an organisation with regard to risk. Risk treatment options: AVOID, ACCEPT, TRANSFER, REDUCE.
Risk Management Lifecycle - ANSWER-Identify, analyse, treat, monitor.
Residual risk - ANSWER-The exposure remaining from a specific risk after action has been taken to manage it, assuming the action is effective.
Risk appetite - ANSWER-The level of risk an organisation is prepared to accept, tolerate or be exposed to.
Asset value - ANSWER-How much the business will lose if the asset is compromised; how much it is worth in business terms.
Qualitative Risk Analysis - ANSWER-Rating risk on a high/medium/low basis, e.g. a traffic-light system (red, amber, green).
Quantitative risk analysis - ANSWER-Uses a formal scoring methodology based on mathematical formulae and the gathering of data.
Impact - ANSWER-The maximum consequence to the business of the risk occurring.
Likelihood - ANSWER-The probability that the risk will occur or the threat will come to pass.
Cost benefit analysis - ANSWER-Must be done before implementing a control.
Risk Treatment plan - ANSWER-Plan -> Do -> Check -> Act.
Risk assessment review - ANSWER-Needs regular review, at least annually. Once implemented effectively, look to do a mid-year review as well.
Types of controls - ANSWER-Directive, preventative, detective, corrective.
Directive Control - ANSWER-Putting in place some form of instruction, e.g. a policy or contract.
Preventative control - ANSWER-Stopping something from happening; typically reduces likelihood.
Continues.......
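The qualitative analysis, quantitative analysis, impact, likelihood, cost-benefit and residual-risk cards above fit together as one calculation, shown here as an added example written for this page (it is not part of the original study notes). It assumes a 3x3 likelihood-by-impact matrix for the traffic-light rating, and the widely used single loss expectancy (SLE = asset value x exposure factor) and annualised loss expectancy (ALE = SLE x annual rate of occurrence) formulae; the notes do not name a specific formula, so these are assumptions, and the asset, control and appetite figures are constructed.

```python
"""Worked risk-assessment helpers (added example; figures and formulae are assumptions)."""
from dataclasses import dataclass

# Qualitative scale: likelihood and impact each rated low/medium/high (assumed 3x3 matrix).
LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Traffic-light (RAG) rating from likelihood x impact on a 3x3 matrix.

    Score 1-2 -> GREEN, 3-4 -> AMBER, 6-9 -> RED (thresholds are an assumption).
    """
    score = LEVELS[likelihood.lower()] * LEVELS[impact.lower()]
    if score >= 6:
        return "RED"
    if score >= 3:
        return "AMBER"
    return "GREEN"


@dataclass(frozen=True)
class QuantitativeRisk:
    asset_value: float      # what the asset is worth in business terms (money)
    exposure_factor: float  # fraction of the asset value lost per incident (impact), 0..1
    annual_rate: float      # expected incidents per year (likelihood)

    @property
    def sle(self) -> float:
        """Single loss expectancy: the impact of one occurrence."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualised loss expectancy: impact x likelihood, per year."""
        return self.sle * self.annual_rate


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    new_exposure_factor: float  # impact after the control (corrective controls lower this)
    new_annual_rate: float      # likelihood after the control (preventative controls lower this)


def evaluate_control(risk: QuantitativeRisk, control: Control, risk_appetite: float) -> dict:
    """Cost-benefit analysis before implementing a control, plus a residual-risk check.

    The control is cost-justified when the reduction in ALE exceeds its annual cost,
    and the residual risk is compared against the organisation's appetite (in money).
    """
    residual = QuantitativeRisk(risk.asset_value, control.new_exposure_factor,
                                control.new_annual_rate)
    risk_reduction = risk.ale - residual.ale
    net_benefit = risk_reduction - control.annual_cost
    return {
        "ale_before": risk.ale,
        "ale_residual": residual.ale,
        "risk_reduction": risk_reduction,
        "net_benefit": net_benefit,
        "cost_justified": net_benefit > 0,
        "within_appetite": residual.ale <= risk_appetite,
    }


if __name__ == "__main__":
    # Constructed scenario: a 500k asset, 40% loss per breach, one breach every two years.
    risk = QuantitativeRisk(asset_value=500_000, exposure_factor=0.4, annual_rate=0.5)
    # Hypothetical preventative control: cuts likelihood to one breach per ten years.
    mfa = Control("MFA on the admin portal", annual_cost=30_000,
                  new_exposure_factor=0.4, new_annual_rate=0.1)
    print(qualitative_rating("medium", "high"))          # RED
    print(evaluate_control(risk, mfa, risk_appetite=25_000))
```

Reading the output: the ALE falls from 100,000 to 20,000, so an 80,000 reduction against a 30,000 annual cost justifies the control, and the 20,000 residual sits inside a 25,000 appetite, so the remaining risk can be accepted. Raising the control's annual cost above 80,000 flips `cost_justified` to False, which is exactly the case the cost-benefit card warns about.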
School, study and subject
- Institution
- CISMP
- Course
- CISMP
Document information
- Uploaded on
- 14 October 2024
- Number of pages
- 5
- Written in
- 2024/2025
- Type
- Exam
- Contains
- Questions and answers
Topics
- cismp
- cismp exam preparation
- 2024
- 2025
- cia
- siem
- risk management lifecycle
- cost benefit analysis
- iso 27001
- iso 15408 1