Study Focus | Domain 1: Security and Risk Management
Flashcard Topics (with 1–2 line memory hooks)
Security Governance
- Due Care vs Due Diligence: Due diligence = investigating and understanding the risks before (and while) acting: research, planning, continuous evaluation. Due care = acting on that knowledge by implementing and maintaining the controls a reasonable person would. Hook: diligence "do detect", care "do correct".
- Security Policy Hierarchy: Policy (high-level, mandatory statement of intent), Standard (mandatory specific rules, e.g. required configurations), Guideline (optional recommendations), Procedure (mandatory step-by-step instructions). Only guidelines are optional.
⚖️ Compliance and Legal
- Civil vs Criminal Law: Civil = disputes between private parties (contracts, torts), with monetary damages as the usual remedy; Criminal = offenses against society prosecuted by the state, with fines and imprisonment as penalties.
- Types of Intellectual Property: Copyright (a creative expression, e.g. source code or text), Patent (an invention, protected for a limited term in exchange for public disclosure), Trademark (a brand identifier such as a name or logo), Trade secret (confidential business information such as a process or formula, protected only for as long as it is actually kept secret; no registration, no expiry).
- Privacy vs Confidentiality: Privacy = an individual's right to control how personal data about them is collected and used; Confidentiality = the security property that information is not disclosed to unauthorized parties. Privacy is the goal; confidentiality is one of the controls that delivers it.
- GDPR Key Principle: Personal data must be processed lawfully, fairly and transparently. This is the first of the Article 5 principles, alongside purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
Security Roles and Responsibilities
- Data Owner vs Data Custodian: Owner = the manager accountable for the data, who assigns its classification and decides who may access it; Custodian = operates the controls the owner specifies (backups, access provisioning, integrity checks) but does not decide classification.
- Security vs System Administrator: Security admin = configures and enforces security controls and policy (accounts, permissions, monitoring); System admin = keeps systems running (installation, patching, availability). Separation of duties keeps the two roles distinct.
Risk Management
- Risk = Threat × Vulnerability × Impact: A conceptual formula, not arithmetic. Risk exists only when a threat can exploit a vulnerability; remove either factor and the risk is zero, however large the impact would be.
- SLE = Asset Value × Exposure Factor: Single Loss Expectancy = the cost of one occurrence. EF is the fraction of the asset value lost in that occurrence (0 to 1, i.e. 0% to 100%).
- ALE = SLE × ARO: Annual Loss Expectancy = expected loss per year. ARO (Annualized Rate of Occurrence) is how many times a year the event is expected and may be a fraction (once every ten years = 0.1).
- Risk Treatment Options: Accept (acknowledge and live with it), Avoid (stop the activity that creates it), Transfer (shift the cost to someone else via insurance or contract), Mitigate (implement controls that reduce likelihood or impact).
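The SLE and ALE formulas above, as an added worked example that is not part of the original study notes: a small Python quantitative risk calculator over a constructed three-asset register. It validates the inputs that are most often entered wrongly (EF must be a fraction between 0 and 1, ARO may be below 1), computes SLE and ALE with the page's own symbols, ranks assets by ALE, and goes one step beyond the page by checking whether a proposed safeguard is worth its annual cost (ALE before, minus ALE after, minus the safeguard's annual cost). Every asset name, value, and safeguard cost here is invented for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class RiskItem:
    """One row of a quantitative risk register (the values used below are constructed)."""
    asset: str
    asset_value: float      # AV: business/replacement value of the asset, in currency units
    exposure_factor: float  # EF: fraction of AV lost in ONE incident, 0.0 .. 1.0
    aro: float              # ARO: expected incidents per year; may be < 1 (0.1 = once a decade)

    def __post_init__(self) -> None:
        # Reject the classic input mistakes: EF entered as a percentage (40 instead of 0.4)
        # or negative numbers. An ARO entered as "years between incidents" (10 instead of 0.1)
        # is arithmetically valid and cannot be detected here: ARO must be incidents per year.
        if self.asset_value < 0:
            raise ValueError(f"{self.asset}: asset value must be >= 0")
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.asset}: EF must be a fraction between 0 and 1, got {self.exposure_factor}")
        if self.aro < 0:
            raise ValueError(f"{self.asset}: ARO must be >= 0")


def sle(item: RiskItem) -> float:
    """Single Loss Expectancy: SLE = AV x EF (cost of one occurrence)."""
    return item.asset_value * item.exposure_factor


def ale(item: RiskItem) -> float:
    """Annual Loss Expectancy: ALE = SLE x ARO (expected loss per year)."""
    return sle(item) * item.aro


def rank_by_ale(register: list[RiskItem]) -> list[tuple[str, float, float]]:
    """Return (asset, SLE, ALE) rows, highest ALE first: the order in which to treat risks."""
    rows = ((item.asset, sle(item), ale(item)) for item in register)
    return sorted(rows, key=lambda row: row[2], reverse=True)


def safeguard_value(item: RiskItem, annual_cost: float,
                    residual_ef: Optional[float] = None,
                    residual_aro: Optional[float] = None) -> float:
    """Annual net value of a safeguard = ALE(before) - ALE(after) - annual cost of the safeguard.

    A control lowers risk by reducing the exposure factor (impact), the ARO (likelihood) or
    both; pass whichever it changes. Positive = the control pays for itself on ALE alone;
    negative = it costs more per year than the loss it prevents.
    """
    after = replace(item,
                    exposure_factor=item.exposure_factor if residual_ef is None else residual_ef,
                    aro=item.aro if residual_aro is None else residual_aro)
    return ale(item) - ale(after) - annual_cost


# Constructed sample register (not real data).
SAMPLE_REGISTER = [
    RiskItem("customer database", asset_value=500_000, exposure_factor=0.4, aro=0.2),
    RiskItem("public web server", asset_value=50_000, exposure_factor=1.0, aro=2.0),
    RiskItem("staff laptop", asset_value=3_000, exposure_factor=0.5, aro=5.0),
]


if __name__ == "__main__":
    for asset, s, a in rank_by_ale(SAMPLE_REGISTER):
        print(f"{asset:20s} SLE={s:>10,.0f}  ALE={a:>10,.0f}")
    web = SAMPLE_REGISTER[1]
    # Hypothetical WAF at 15,000/yr that cuts web-server incidents from 2/yr to 0.5/yr.
    print("WAF net value per year:", safeguard_value(web, annual_cost=15_000, residual_aro=0.5))
    laptop = SAMPLE_REGISTER[2]
    # Hypothetical disk encryption at 10,000/yr that cuts the loss per stolen laptop to 10%.
    print("Encryption net value per year:", safeguard_value(laptop, annual_cost=10_000, residual_ef=0.1))
```

The ranking puts the web server first even though the database has a far larger single loss, because ALE weighs likelihood as well as impact. The two safeguard checks show both directions: the WAF clears its cost, the laptop encryption does not on ALE alone (a control can still be mandated by policy or regulation regardless of this arithmetic).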
Business Continuity / Disaster Recovery
- RTO vs RPO: RTO = maximum tolerable time from outage to restored service; RPO = maximum tolerable data loss, expressed as the age of the most recent recoverable copy (an RPO of 4 hours means backups at least every 4 hours).
- BCP vs DRP: BCP = keeps critical business functions running during and after a disruption (people, facilities, processes); DRP = the IT-focused subset of the BCP that restores systems and data, typically at a recovery site.
Security Documentation
- Security Policy: Broad, high-level document approved by senior management that states intent, scope, and direction; it does not name specific technologies.
- Standard vs Guideline: Standard = mandatory control or configuration that must be followed, so compliance can be measured; Guideline = recommended practice that may be adapted to circumstances.