Ahmed - Pinger CISSP Assignment 1 IEC - ODF
There are two topics covered in these lectures: the first one is Cyber Security Governance and the
second one is Risk Management.
In the first chapter we have several topics. The first one is the CIA Triad, which is the abbreviation
for Confidentiality, Integrity and Availability. Confidentiality means keeping data secret and preventing
unauthorized access. Integrity means making sure that data is not altered, whether by an attacker or by
accident, so that what is read is what was written. Availability means the service or data is accessible to
authorized users whenever they need it.
The next topic is about some security definitions. A Vulnerability is a weakness in a system. A Threat
is any potential danger that a vulnerability could be exploited. A Threat Actor (yes, you guessed it right)
is the person or group that actually exploits the vulnerability. Risk is the probability of a threat becoming
real, together with the damage it would cause if it did. A Countermeasure is a control put into place to
prevent that potential loss. Social Engineering is the skill of lying convincingly: tricking people into
giving up information or doing something they should not. That is it for this topic.
The next topic is about Security Policies. A security policy is a set of rules in an organization that
everyone has to follow (the security policies of an organization are called Organizational Policies).
There are several parts that together make up the whole policy. The first part is the Standard, which
describes a specific mandatory requirement that has to be followed by all employees. A Baseline is the
minimum level of security that every system must meet. Guidelines are recommendations, not mandatory
instructions, to help employees in situations the standards do not cover. Procedures are the step-by-step
process for achieving a task. That is it for this part.
The next part is about Legal Issues. In legal issues we have a rule used by courts which is called the
Prudent Person Rule. The rule indicates how you are going to be judged: on whether you put in the level of
effort (due care) that a reasonable, prudent person would have put in to provide the necessary protection.
That is it for this part, and now we have the last part of this chapter before getting into Risk Management,
which is Security Awareness Training. Security Awareness Training is for everybody in the company; every
employee should be trained. Security Awareness Training is not just training, it is also a legal protection,
because it shows the organization exercised due care.
The Second Chapter: