- Think like a risk manager.
- Look out for double negatives. Skim the question looking for extraneous information and disregard it. Look for the core of the question.
- Answer the question the way ISC2 says to do it.
- Watch your gut check: what you know from real life might push you toward the wrong answer. Go by what the book says.
- Your security controls need to align with the business. Don't spend more than the cost of the item to protect it.
- Use the official ISC2 flash card app.
- A business exists for a different purpose, not to secure data.
- Understand what motivates your leaders (money, ego, mission). Craft your message to align with that, and show how information security pushes it forward.
- When ready for endorsement, send the instructors an email.
- Expand on your duties for your day-to-day security items.
- If accreditation and certification both appear as choices in the same question, the answer is one of those two.
- For fire extinguishers, class A is for ash (ordinary combustibles). Don't throw water on things that will make the fire worse.
- MD5 always produces a 128-bit digest.
- Threats exploit vulnerabilities.
- The spiral model is a meta-model.
- For confidentiality, you don't want to read up or write down (Bell-LaPadula).
- Keep it up, just keep trying and don't give up.
- Good idea to follow up with the CISM or CCSP.
- In coding, coupling can be thought of as dependency.
- Permutations = stages or rounds.
- Kerberos depends on symmetric key encryption.
- When it is a physical thing, always fail open, because fail secure could kill someone.
- Always give back to the community, as it helps you be a better security professional.