Domain 1: Security & Risk Management

Software Licensing & Import/Export Law

Security professionals should also be familiar with the legal issues surrounding software licensing agreements. There are four main types of license agreement in use today; refer to the mind map below for details. Import/export law also constrains how a company may move information and technology across national borders. Case Study: the case study below will help us to …

Privacy Law

Privacy is increasingly under threat as all of us come to rely on computing technology and digital content. Governments have taken several approaches, and passed several laws, to address privacy issues. The figure below illustrates the U.S. and EU …

Laws, Regulations, Compliance

Every country follows some kind of legal system; the figure below shows the different types. Since the CISSP curriculum focuses mostly on U.S. laws and regulations, we will restrict ourselves to the U.S. here. We can observe that the U.S. follows a common law system. As IT and security professionals, we understand that laws and regulations …

Personnel Security

So, who is the weakest element in the security realm? The human. Who is the biggest culprit in the security realm? The human. No matter what controls have been deployed in an environment, a human will always discover a way to avoid, circumvent or disable them. Imagine a situation where that human belongs to your own organization, i.e. an employee. In such a case, …


In this blog post, we will take a look at the different categories of countermeasure, the types of control, the goals of countermeasures, and their respective cost justification. Refer to the mind map below for complete details: security control categories; types of control; goals and justification of countermeasures.

Qualitative Risk Analysis … Delphi Technique

Purely quantitative risk assessment is hard to achieve because some items are difficult to tie to fixed dollar amounts. Purely qualitative risk analysis, by contrast, is possible because it ranks the seriousness of threats and the sensitivity of assets into grades or classes, such as low, medium and high. Typically this analysis is done for intangible assets such …