CISSP PROCESS GUIDE |V.14| made by madunix| madunix_at_gmail_dot_com|SNT FB group|2018

CISSP PROCESS GUIDE V.14
By Fadi SODAH, CISSP (a.k.a. madunix)
Powered by CISSP Exam Preparation - Study Notes and Theory - Facebook Study Group

After passing the CISSP exam, and for the purpose of benefiting others with the knowledge and experience I gained during my study term, I have summarized the main basic concepts in a general overview. I am hoping this consolidation of core concepts and processes will benefit those interested in becoming members of the CISSP study group and community. The intention of this document is to be supplementary, not a replacement for officially published study guides and books. I may have added multiple definitions of the same process or procedure due to the varying definitions from different resources such as the Official CBK, Sybex, NIST publications, SANS papers, or the AIO Shon Harris books. If you encounter any conflicts, please refer to the Official CISSP CBK. Being a CISSP candidate, you should fully understand CISSP concepts, methodologies and their implementations within the organization. If you find this document useful and the information valuable, please consider making a donation to help defray the costs of the bandwidth and hosting services required to distribute it. Every little bit helps.
To make a contribution, please go to: https://www.studynotesandtheory.com/single-post/Donations
-Fadi Sodah

REFERENCES
• The Official (ISC)2 Guide to the CISSP CBK, Fourth Edition ((ISC)2 Press)
• CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition
• CISSP Official (ISC)2 Practice Tests
• CISSP All-in-One Exam Guide, Seventh Edition
• The Official (ISC)2 Guide to the CCSP CBK
• (ISC)2 presentation
• CISM CRM - ISACA
• Sybextestbanks.wiley.com
• Cloudsecurityalliance.org
• NIST documentation/papers
• SANS documentation/papers
• CCSP Certified Cloud Security Professional, Presentation - Kelly Handerhan
• CISSP Certified Information Systems Security Professional, Presentation - Kelly Handerhan
• IBM Cloud Services
• Cisco Systems

Corporate Governance:
Corporate governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise's resources are used responsibly. Its areas of concern include:
• Auditing supply chains
• Board and management structure and process
• Corporate responsibility and compliance
• Financial transparency and information disclosure
• Ownership structure and exercise of control rights

Five areas of focus for IT Governance:
• Strategic alignment
• Value delivery
• Resource management
• Risk management
• Performance management

Governance vs. Management:
• Oversight vs. implementation
• Assigning authority vs. authorizing actions
• Enacting policy vs. enforcing policy
• Accountability vs. responsibility
• Strategic planning vs. project planning
• Resource allocation vs. resource utilization
Note: Governance answers what we need to accomplish;
Management answers how we accomplish it.

Key Metrics to establish BIA:
• SLO (Service Level Objective)
• RPO (Recovery Point Objective: the maximum tolerable data loss, expressed as a window of time)
• MTD (Maximum Tolerable Downtime: the longest a function can be down before the business suffers unacceptable harm)
• RTO (Recovery Time Objective: the time to bring the system back into service; RTO plus WRT must not exceed MTD)
• WRT (Work Recovery Time: the time to verify data and resume business work once the system is back)
• MTBF (Mean Time Between Failures)
• MTTR (Mean Time To Repair)
• MOR

Business Impact Assessment:
• Identify priorities
• Identify risk
• Likelihood assessment
• Impact assessment
• Resource prioritization

Business Impact Analysis:
• Identify critical functions
• Identify critical resources
• Calculate MTD for resources
• Identify threats
• Calculate risks
• Identify backup solutions

Business Impact Analysis:
• Select individuals to interview for data gathering
• Create data-gathering techniques
• Identify critical business functions
• Identify the resources these functions depend upon
• Calculate how long these functions can survive without these resources
• Identify vulnerabilities and threats
• Calculate the risk for each business function
• Document findings and report them to management

Business Continuity Planning (BCP):
• Project initiation
• Business Impact Analysis
• Recovery strategy
• Plan design and development
• Implementation
• Testing
• Continual maintenance

BCP (NIST SP 800-34):
• Develop the contingency planning policy
• BIA
• Identify preventive controls
• Create contingency strategies
• Develop the contingency plan
• Test
• Maintenance

WHY - Business Continuity Planning (BCP):
• Provide an immediate and appropriate response to emergency situations
• Protect lives and ensure safety
• Reduce business impact
• Resume critical business functions
• Work with outside vendors and partners during the recovery period
• Reduce confusion during a crisis
• Ensure survivability of the business
• Get "up and running" quickly after a disaster

DRP vs. BCP:
• BCP - corrective control
• DRP - recovery control
• Both BCP and DRP fall under the category of compensating controls
• BCP is NOT a preventive control, as it cannot prevent a disaster
• BCP helps the organization's functions continue in the event of a disaster
• BCP: maintaining critical functions during a disruption of normal operations
• DRP: recovering to normal operations after a disruption

Business Continuity Planning (BCP):
• Continuity policy
• Business Impact Assessment (BIA)
• Identify preventive controls
• Develop recovery strategies
• Develop the BCP
• Exercise/drill/test
• Maintain the BCP

BCP Team:
• Rescue Team: responsible for dealing with the immediacy of the disaster - employee evacuation, emergency (crash) shutdown of the server room, etc.
• Recovery Team: responsible for getting the alternate facility up and running and restoring the most critical services first.
• Salvage Team: responsible for the return of operations to the original or permanent facility (reconstitution) - gets us back to normalcy.

Business Continuity Planning (BCP) Documents:
• Continuity planning goals
• Statement of importance and statement of priorities
• Statement of organizational responsibilities
• Statement of urgency and timing
• Risk assessment, risk acceptance and risk mitigation document
• Vital records program
• Emergency response guidelines
• Documentation for maintaining and testing the plan

The DRP/BCP document plan should be:
• Created for the enterprise, with individual functional managers responsible for plans specific to their departments
• Kept in multiple locations (copies of the plan)
• Kept in both electronic and paper form
• Distributed to those with a need to know
• Seen only in part by most employees, who need just their own portion of the plan

Business Continuity Planning (BCP):
• Project scope and planning
  •• Business organization analysis
  •• BCP team selection
  •• Resource requirements
  •• Legal and regulatory requirements
• Business impact assessment
  •• Identify priorities
  •• Risk identification
  •• Likelihood assessment
  •• Impact assessment
  •• Resource prioritization
• Continuity planning
  •• Strategy development
  •• Provisions and processes
  •• Plan approval
  •• Plan implementation
  •• Training and education
• Approval and implementation
  •• Approval by senior management (APPROVAL)
  •• Creating awareness of the plan enterprise-wide (AWARENESS)
  •• Maintenance of the plan, including updating when needed (MAINTENANCE)
  •• Implementation

Development of the Disaster Recovery Plan (DRP):
• Plan scope and objectives
• Business Recovery Organization (BRO) and responsibilities (recovery team)
• Major plan components - format and structure
• Scenarios that trigger execution of the plan
• Escalation, notification and plan activation
• Vital records and off-site storage program
• Personnel control program
• Data loss limitations
• Plan administration

Disaster Recovery Plan (DRP) procedures:
• Respond to the disaster in accordance with a pre-defined disaster level
• Assess damage and estimate the time required to resume operations
• Perform salvage and repair

Elements of Recovery Strategies:
• Business recovery strategy
  •• Focus on recovery of business operations
• Facility and supply recovery strategy
  •• Focus on facility restoration and enabling alternate recovery site(s)
• User recovery strategy
  •• Focus on people and accommodations
• Technical recovery strategy
  •• Focus on recovery of IT services
• Data recovery strategy
  •• Focus on recovery of information assets

The eight R's of a successful Recovery Plan:
• Reason for planning
• Recognition
• Reaction
• Recovery
• Restoration
• Return to normal
• Rest and relax
• Re-evaluate and re-document

Disaster Recovery Program:
• Critical application assessment
• Backup procedures
• Recovery procedures
• Implementation procedures
• Test procedures
• Plan maintenance

Post-Incident Review: its purpose is to get better after a test or disaster has taken place:
• Focus on how to improve
• What should have happened?
• What should happen next?
• Not whose fault it was; blame is not productive

Continuity Planning: normally applies to the mission/business itself; concerns the ability to continue critical functions and processes during and after an emergency event.

Contingency Planning: applies to information systems, and provides the steps needed to recover the operation of all or part of designated information systems at an existing or new location in an emergency.

Business Continuity Plan (BCP): focuses on sustaining an organization's mission/business processes during and after a
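The BIA metrics listed above (MTD, RTO, WRT, RPO, MTBF, MTTR) and the BIA steps "calculate how long these functions can survive without these resources" and "calculate the risk for each business function" are usually worked on a spreadsheet. The following Python script is an added example, not part of the original guide or any (ISC)2 material: it models a BIA worksheet with constructed, hypothetical business functions and figures, checks each function's recovery strategy against the two constraints a practitioner verifies (RTO + WRT must fit inside MTD, and the backup interval must not exceed RPO), computes availability as MTBF / (MTBF + MTTR) and a qualitative likelihood x impact risk score, and orders the functions for resource prioritization (shortest MTD first). All names, numbers and the 4-hour backup interval are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class BusinessFunction:
    """One row of a BIA worksheet (all field values below are constructed for this example)."""
    name: str
    mtd_hours: float    # Maximum Tolerable Downtime, agreed with the business owner
    rto_hours: float    # Recovery Time Objective: time to get the system back online
    wrt_hours: float    # Work Recovery Time: time to verify data and resume business work
    rpo_hours: float    # Recovery Point Objective: largest acceptable window of data loss
    likelihood: float   # 0.0 .. 1.0, from the likelihood assessment
    impact: int         # 1 (negligible) .. 5 (catastrophic), from the impact assessment
    mtbf_hours: float   # Mean Time Between Failures of the supporting resource
    mttr_hours: float   # Mean Time To Repair of the supporting resource


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability of a resource: MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def recovery_window_ok(f: BusinessFunction) -> bool:
    """RTO + WRT must fit inside MTD; otherwise the recovery strategy misses the business requirement."""
    return f.rto_hours + f.wrt_hours <= f.mtd_hours


def backup_interval_ok(f: BusinessFunction, backup_interval_hours: float) -> bool:
    """Backups must run at least as often as the RPO, or the data loss exceeds what was agreed."""
    return backup_interval_hours <= f.rpo_hours


def risk_score(f: BusinessFunction) -> float:
    """Qualitative risk for the function: likelihood x impact."""
    return f.likelihood * f.impact


def prioritize(functions: List[BusinessFunction]) -> List[BusinessFunction]:
    """Resource prioritization: shortest MTD first, ties broken by the higher risk score."""
    return sorted(functions, key=lambda f: (f.mtd_hours, -risk_score(f)))


def bia_findings(functions: List[BusinessFunction], backup_interval_hours: float) -> List[Dict]:
    """Findings to document and report to management, in recovery-priority order."""
    report = []
    for rank, f in enumerate(prioritize(functions), start=1):
        report.append({
            "priority": rank,
            "function": f.name,
            "mtd_hours": f.mtd_hours,
            "risk": round(risk_score(f), 2),
            "availability": round(availability(f.mtbf_hours, f.mttr_hours), 6),
            "meets_mtd": recovery_window_ok(f),
            "meets_rpo": backup_interval_ok(f, backup_interval_hours),
        })
    return report


# Constructed sample worksheet: hypothetical functions and figures, not from any real organization.
SAMPLE_FUNCTIONS = [
    BusinessFunction("Order processing", mtd_hours=24, rto_hours=12, wrt_hours=4,
                     rpo_hours=1, likelihood=0.3, impact=5, mtbf_hours=2000, mttr_hours=4),
    BusinessFunction("Payroll", mtd_hours=72, rto_hours=48, wrt_hours=36,
                     rpo_hours=24, likelihood=0.2, impact=4, mtbf_hours=4000, mttr_hours=8),
    BusinessFunction("Marketing website", mtd_hours=168, rto_hours=8, wrt_hours=2,
                     rpo_hours=24, likelihood=0.5, impact=2, mtbf_hours=1000, mttr_hours=2),
]
BACKUP_INTERVAL_HOURS = 4.0  # assumed: the current backup job runs every four hours


def gaps(functions: List[BusinessFunction] = SAMPLE_FUNCTIONS,
         backup_interval_hours: float = BACKUP_INTERVAL_HOURS) -> List[str]:
    """Functions whose current strategy violates MTD or RPO, i.e. what the BIA report must flag."""
    return [row["function"] for row in bia_findings(functions, backup_interval_hours)
            if not (row["meets_mtd"] and row["meets_rpo"])]


if __name__ == "__main__":
    for row in bia_findings(SAMPLE_FUNCTIONS, BACKUP_INTERVAL_HOURS):
        print(row)
    print("gaps:", gaps())
```

With the sample data, "Order processing" is first in priority (MTD 24 h) but fails its RPO because a 4-hour backup interval cannot meet a 1-hour RPO, and "Payroll" fails MTD because RTO + WRT (48 + 36 h) exceeds its 72-hour MTD; both are exactly the kind of gap the "identify backup solutions" and "develop recovery strategies" steps exist to close.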