A subject is authenticating to the ID provider. Which of the following is not a cryptographic function or cipher and provides the lowest level of security in the authentication process?
A. Base64 for the encoding of ID and password in HTTP basic authentication
B. Electronic Codebook (ECB) that produces repeated patterns
C. Hash-based message authentication code (HMAC)
D. Cipher block chaining message authentication code (CBC-MAC)
CISSP-ISSEP Preparation
ISSEP is a concentration exam of CISSP. It is not that hard, but it is intimidating because of the limited number of exam prep materials. The following official sources are crucial.
PRIMARY MATERIALS
ISSEP CBK SUGGESTED REFERENCES
- IATF is obsolete.
- NIST SP 800-160 volumes 1 & 2
- INCOSE Systems Engineering Handbook
- NIST SP 800-37 (RMF)
- NIST SP 800-161 (Supply Chain Risk Management)
- PMI PMBOK (Free for PMI members)
- The ISSEP CBK book is outdated but good to have
CISSP PRACTICE QUESTIONS – 20210224
Your organization set up a new position, CISO, which reports to the CIO, to be in charge of cybersecurity. As the CISO, you aim to support the business effectively. Which of the following is the most critical task for you?
A. Integrate security into IT processes
B. Implement comprehensive network access control
C. Sponsor and direct the business continuity program
D. Develop an information security management system
CISSP PRACTICE QUESTIONS – 20210223
You are applying for a certificate from a certificate authority (CA) to support secure transmission on the e-commerce website that serves global customers. Which of the following actions exposes the least risk?
A. Randomly generate an asymmetric key pair on the portal of the CA
B. Use a utility to create the certificate request on the local workstation
C. Upload the key pair to the CA server for approval and signing
D. Download and install the certificate containing the key pair onto the webserver
CISSP PRACTICE QUESTIONS – 20210222
Which of the following provides the highest level of safety in storefront or shopping windows?
A. Tempered glass
B. Laminated glass
C. Wired glass
D. Annealed glass
CISSP PRACTICE QUESTIONS – 20210221
You are the head of a public company’s manufacturing department in Taiwan, an original equipment manufacturer (OEM) that accepts orders from around the globe. Your department has collected manufacturing parameters, accumulated rich experience to improve efficiency and optimize costs, and created sustainable competitive advantages. Which of the following is the most critical concern in protecting the manufacturing parameters from the perspective of intellectual property?
A. The ownership of the parameters
B. The secrecy of the parameters
C. The innovation of the parameters
D. The expression of the parameters
CISSP PRACTICE QUESTIONS – 20210220
You are the head of the research and development (R&D) department. As the data owner of R&D data sets, you are responsible for classifying data and accountable for the results. Which of the following is the best criterion that justifies your classification decision?
A. The importance or meaning to stakeholders
B. The risk of the unauthorized disclosure of information
C. The risk of the unauthorized modification or destruction of information
D. The risk of the disruption of access to or use of information or an information system
Data Governance for Regulation
Regarding security within data governance, the European Union’s General Data Protection Regulation (GDPR) and Markets in Financial Instruments Directive II (MiFID II) are applicable, as is US 31 USC 310, a regulation addressing data in the context of financial crimes.
On a broader scale, the US Dodd-Frank Act addresses record-keeping transparency. The US Comprehensive Capital Analysis and Review (CCAR) framework addresses data quality and management. In Europe, MiFID II addresses data collection processes, while Basel III contains data governance provisions within the context of risk management and capital adequacy concerns.
In China, the Banking and Insurance Regulatory Commission (CBIRC) issued guidelines in May 2018 that include provisions for financial firms, assigning responsibility for setting up data governance systems, data quality control and related incentive and accountability systems.
Although MiFID II, Basel III and the BCBS 239 rules addressing risk data aggregation come from Europe, they do influence compliance throughout Asia and globally. In addition, the International Financial Reporting Standards (IFRS) created by the International Accounting Standards Board (IASB) set classification and accounting rules that can figure into data governance. Any firm forming its governance framework should be aware of these provisions.
So, with a good handle on data governance traits and rules, firms may also deploy enterprise data management (EDM) and master data management (MDM) systems as a means to carry out the provisions made in data governance. These systems scrub, enrich and curate data to standardize how data is defined, and they produce metadata that helps implement data governance frameworks with integrity, accountability and security.
With knowledge of the elements of data governance, both as part of a firm’s native efforts and its compliance requirements, management will be better equipped to do business in the markets and lower their operational and regulatory risk.
Source: GoldenSource
Related Readings
- Data governance
- What is Data Governance?
- What is data governance and why does it matter?
- A Guide to Data Governance for Privacy, Confidentiality, and Compliance
- Enterprise Information Management: Best Practices in Data Governance
- How to Create a Data Governance Plan to Gain Control of Your Data Assets
- What is data governance? A best practices framework for managing data assets
- Data Governance Definition, Challenges & Best Practices
- What is Data Governance (and Why Do You Need It)?
- DATA GOVERNANCE – WHAT, WHY, HOW, WHO & 15 BEST PRACTICES
CISSP PRACTICE QUESTIONS – 20210219
As the head of the research and development department, you are authorizing colleagues in your department access to resources. Which of the following best justifies your authorization decision?
A. Background check
B. Security clearance
C. Job description
D. Separation of duties
CISSP Exam Experience – 陳昭名 (Jaumin Chen)
Thank you, Jaumin, for generously sharing your success story and for agreeing to let me include your article!
~ Wentz Wu
Thanks to everyone in the community for your generous guidance and sharing over these past days. I was fortunate to pass the CISSP exam last week (2/3). I have organized my journey as lessons learned to share with everyone. Thank you!