Many companies are
merging physical security and IT security departments and functions.
This makes a lot of sense given that the line between the two is not at
all clear. For example, if a user swipes a badge, then a server unlocks a
door, that’s a blend of physical security and IT technology. If that
door leads to the computer room or even a wiring closet, then it is IT
security, too. In this domain, both sides will be considered.
Thursday, 23 August 2012
Tuesday, 21 August 2012
Law, Investigation, Forensics and Ethics
One of the most difficult
and challenging parts of a security manager’s job responsibility can be
the handling of incidents and investigations. Let's dive into this
domain to discuss the steps an ISSMP must take to prepare for, detect,
react to, correct, report, and learn from every incident that does
occur.
Technology Related Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
The relationship between
BCP and DRP is often misunderstood, and even worse, sometimes used
interchangeably. A BCP is an examination of a business. It is done once.
A DRP is created for every likely or feasible scenario, so that when
the bad event happens, a plan will exist for dealing with it. The
relationship is one BCP to many DRPs. Now let's dive deeper into this in
this video.
Thursday, 9 August 2012
CISSP-ISSMP: Understand Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
Organizations need to
prepare for the risk of an interruption to services or operations and
put in place plans that will help prevent such failures, minimize the
impact if an incident were to happen and manage the recovery to normal
operations as quickly as possible. Let's discuss this domain.
Wednesday, 8 August 2012
Security Architecture Analysis
Common Criteria and
PCI-DSS, at risk management in terms of both analysis and mitigation, at
certification and accreditation and at design validation.
Thursday, 2 August 2012
CISSP-ISSEP: Technical Management
This domain includes the DoD Acquisition process. This process is normally a profession unto itself, but as system security professionals, we must understand how this process works and how to use it to acquire the equipment ISSEPs need for their engineering and development efforts.
Wednesday, 1 August 2012
CISSP-ISSMP: Security Compliance Management
Security compliance is a
demanding and ever-changing world of regulations, standards and audit.
Let's look into the areas of concern and opportunity for the information
security manager and how to ensure that we are executing our
responsibilities in a professional and thorough manner that will protect
the interests of our employers and earn the respect of all the
stakeholders that rely on us.
CISSP-ISSAP: Cryptography
One of the most important
thoughts an ISSAP has to keep in mind when designing a network is that
choosing cryptography as a solution always means adopting a key
management problem. Keys need to be changed, distributed and recovered,
but at the same time, they need to be maintained in a secure fashion.
Availability can be seriously impacted by a forgotten or destroyed key,
but confidentiality will suffer if there is a breach of the key recovery
solution.