Effective CISSP Questions

After risk assessment, your company plans to equip laptops used by sales representatives with FIPS 140-2 Level 3 compliant self-encrypting drives as a countermeasure to protect around 10% of confidential data stored on hard drives. You are analyzing the residual risk using a quantitative approach in another iteration of risk assessment after the risk treatment. Which of the following is the primary and direct factor subject to change due to the risk treatment? (Wentz QOTD)
A. Asset value
B. Exposure factor
C. Annual loss expectancy
D. Annualized rate of occurrence

Effective CISSP Questions

An information system needs the official management decision given by a senior organizational official to authorize the operation and to accept the residual risk explicitly. Which of the following provides the final decision? (Wentz QOTD)
A. Risk-based auditing
B. Authoritative accreditation
C. Comprehensive security assessment
D. Third-party security evaluation using objective criteria

Investigation, Evidence, and Forensics


Investigation: systematic or formal process of inquiring into or researching, and examining facts or materials associated with a matter.
Source: ISO/IEC 27035-3:2020 Information technology — Information security incident management — Part 3: Guidelines for ICT incident response operations


Evidence: Grounds for belief or disbelief; data on which to base proof or to establish truth or falsehood.
Note 1: Evidence can be objective or subjective. Evidence is obtained through measurement, the results of analyses, experience, and the observation of behavior over time.
Note 2: The security perspective places focus on credible evidence used to obtain assurance, substantiate trustworthiness, and assess risk.
Source: NIST SP 800-160 Vol. 1

Evidence: information supporting the occurrence of an event or action.
Note 1 to entry: Evidence does not necessarily prove the truth or existence of something but can contribute to the establishment of such a proof.
Source: ISO/IEC 13888-1:2020 Information security — Non-repudiation — Part 1: General


Forensics: The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Source: CNSSI 4009-2015

Digital forensics: In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.
Source: CNSSI 4009-2015 from DoDD 5505.13E

Forensic science: The use or application of scientific knowledge to a point of law, especially as it applies to the investigation of crime.
Source: NISTIR 8006 from SWDGE v2.0

Forensic copy: An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.
Source: CNSSI 4009-2015 from NIST SP 800-72

  • Investigation: a formal and systematic inquiry, examination, and research undertaken to gain a thorough understanding of the facts about specific people, events, or things.
  • Evidence: information that can support or prove an event or action, or establish whether an asserted fact is true or false.
  • Forensics: the collection, preservation, and analysis of evidence carried out for the purposes of a legal investigation.


Effective CISSP Questions

A financial specialist in your company needs a specific version of a spreadsheet application that is listed on your company’s whitelist of approved software. As a member of the IT support team, which of the following should you do first? (Wentz QOTD)
A. Submit a change request to install the specified software
B. Download the software from the open-source community
C. Ensure the software is the latest version
D. Install the software stored on the company’s distribution points
