0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

CISSP Study Guide: Risk Assessment & Management
By: Cybrary
December 16, 2022

Risk Assessment: Risk is the preexisting hazard(s) that may cause damage or loss. It does not assume certainty that a hazard will develop, but rather its inherent potential to occur. Risk management is applied to ascertain the presence of risk, measure the potential threat, and determine how to manage it. In taking assertive steps to prevent or manage a known risk, the ...

CISSP Study Guide: Risk Analysis Process
By: Cybrary
December 16, 2022

Qualitative Assessment: Risk Analysis Process. Attaching monetary value to the elements of a risk analysis can be challenging. Incorporating qualitative components into the process will help evaluate the quantitative component. A qualitative assessment rates the degree of threats and the sensitivity of confidential assets, then places them into categories based on their rating. The following ratings can be applied: Low: When ...

CISSP Study Guide: Security Policies and Procedures
By: Cybrary
December 16, 2022

Security policies are official, authorized documents that are created in compliance with the security philosophy of an organization. These documents are an overview of the organization’s assets and the degree of protection each asset or group of assets has. Well-crafted, coherent security policies would outline a set of rules that users in the organization should follow when connecting to ...

CISSP Study Guide: The Objectives of a Security Policy
By: Cybrary
December 16, 2022

Guiding your technical team on their choice of equipment is a good starting-point. The policy terminology will likely not include this kind of information as to which equipment or designs are to be used. Once a decision is made or the equipment is in place, the second objective would be to advise the team in arranging the equipment. The policy ...

CISSP Study Guide: Security Policy Implementation
By: Cybrary
December 16, 2022

Standards, guidelines, and procedures comprise three elements of policy implementation. They present the specifics of the policy, how they should be applied, and what standards and procedures should be practiced. Standards are itemized procedures applied in order to satisfy a policy requirement but do not define the method of implementation. Guidelines are instructions or suggestions of how policies or procedures ...

CISSP Study Guide: Information Classification in Security
By: Cybrary
December 16, 2022

Organizations qualify their data based on various factors, and not all data holds the same value. Depending on the user and their designated role, the data will have greater or lesser value. Information such as formulas or product development is of high value, and having that data compromised in any way could be catastrophic for an enterprise. Thus, the data ...

CISSP Study Guide: Computer Crimes & The Common Law System
By: Cybrary
December 16, 2022

Types of Computer Crimes: Computer crimes consist of situations where computers are used as a tool to plan or commit the crime, or situations where a computer or a network is the victim of the crime. The most common types of computer crimes: Denial of Service (DoS) and Distributed Denial of Service (DDoS); Password theft; Network invasions; Emanation eavesdropping; Social ...

CISSP Study Guide: Computer Security, Privacy and Crime Laws
By: Cybrary
December 16, 2022

The laws, regulations, and mandates about the protection of computer-related information are as follows: The U.S. Fair Credit Reporting Act of 1970 deals with consumer reporting agencies. The U.S. Racketeer Influenced and Corrupt Organization (RICO) Act of 1970 refers to criminal and civil crimes involving racketeers affecting the operation of legitimate businesses; crimes detailed in this act: mail ...

CISSP Study Guide: Important Computer Privacy Laws
By: Cybrary
December 16, 2022

The Council Directive (Law) on Data Protection for the European Union (EU) of 1995 declares that each EU nation is to apply protections similar to those of the OECD Guidelines. The Economic and Protection of Proprietary Information Act of 1996 corresponds to industrial and corporate espionage and expands the definition of property to include proprietary economic information in order to ...

CISSP Study Guide: Intellectual Property Law
By: Cybrary
December 16, 2022

Intellectual property law consists of a number of categories designed to protect the intellectual property of the author. These categories include the following: The patent law protects inventions and processes, ornamental designs, and new varieties of plants. It provides the owner of the patent with the legal right to prevent others from using or reproducing the object covered by the patent ...