- CISSP Exam Cram - 2024 Addendum
- GitHub - jefferywmoore/CISSP-Study-Resources
- CISSP Practice Quiz – Inside Cloud and Security
# Manager mindset

## 5 Pillars (CAINA)

- Confidentiality: the obligation to keep private information (data) secret. Differs from Privacy, defined as the control an individual has over the information about them (users' rights).
- Authenticity
- Integrity
- Non Repudiation
- Availability
**Security vs Risk Control Framework**

- RCF (Risk Control Framework): the WHY. A structured approach that drives decisions.
- SCF (Security Control Framework): the HOW. A prescriptive (enforceable) set of cybersecurity safeguards.

An SCF can help in the actual implementation of a risk framework.

| RISK | SECURITY |
|---|---|
| SABSA | SABSA |
| ISO 27001 | ISO 27002 |
| | FedRAMP |
## Privacy

US tech companies can't export to Iran, Cuba, North Korea, Sudan, Syria.

Privacy basic rules:

- US: Fourth Amendment
- EU: GDPR
- HIPAA: Health Insurance Portability and Accountability Act
- HITECH: Health Information Technology for Economic and Clinical Health Act
- Gramm-Leach-Bliley Act (GLBA): financial
- COPPA: Children's Online Privacy Protection Act
- ECPA: Electronic Communications Privacy Act
- CALEA: Communications Assistance for Law Enforcement Act (wiretapping = monitoring of phone/internet communications)
- PIPL: Chinese Personal Information Protection Law
- POPIA: South Africa's Protection of Personal Information Act
### PIA: Privacy Impact Assessment

Evaluates the damage a data breach would cause, based on the data currently processed and stored by the company or system. It is required by GDPR and HIPAA. Reference: 7 Steps to Conduct a Privacy Impact Assessment.
### Legislation conflicts

Some legislation may conflict over how multinational enterprises manage data or privacy. There is no superior law; an expert is needed to resolve the specific case (e.g. GDPR vs the CLOUD Act).

Laws and legislation are made by government entities and agencies; they must be followed to avoid criminal liability. Standards and frameworks define the basics needed to reach a minimum level of performance, or suggest guidelines.