Exam cram
This section revises some of the important concepts from all domains of the CISSP CBK. They are presented as bullet-point snippets for quick revision and reinforcement of what has been learned:
- Risk is the exposure of an asset to loss, injury, or damage due to threats, vulnerabilities, and attacks.
- Asset protection requirements are identified through a structured method of risk analysis, evaluation, and assessment.
- Risk analysis, risk evaluation, risk assessment, and risk mitigation strategies are the components of risk management.
- Identifying threats, vulnerabilities, and attacks; estimating their potential impact; and establishing and implementing suitable controls to treat the risk are the functional steps in risk management.
- Risk analysis that provides risk values in numeric terms, such as monetary values, is known as quantitative risk analysis.
- Risk analysis that provides risk values in non-numeric terms, such as high, medium, or low, is called...
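A worked example of the quantitative analysis named in the bullets above, added here as an illustration and not part of the original cram notes. It uses the standard CISSP formulas SLE = AV × EF and ALE = SLE × ARO, weighs a safeguard's benefit against its annual cost, and maps the resulting ALE onto a high/medium/low rating to contrast with the qualitative approach. The asset value, exposure factor, annual rate of occurrence and control costs are constructed sample figures, and the rating thresholds are an assumption chosen for the example.

```python
"""Quantitative risk analysis worked through with the standard CISSP formulas.

All figures are constructed sample values; the high/medium/low thresholds are
an assumption for this example, not a CISSP-defined scale.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float       # AV: monetary value of the asset
    exposure_factor: float   # EF: fraction of AV lost in a single incident (0.0 - 1.0)
    annual_rate: float       # ARO: expected number of incidents per year


def single_loss_expectancy(s: RiskScenario) -> float:
    """SLE = AV x EF: monetary loss expected from one incident."""
    if not 0.0 <= s.exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return s.asset_value * s.exposure_factor


def annualized_loss_expectancy(s: RiskScenario) -> float:
    """ALE = SLE x ARO: expected monetary loss per year."""
    return single_loss_expectancy(s) * s.annual_rate


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Cost/benefit of a control: ALE(before) - ALE(after) - annual cost of the control.

    A positive result means the control saves more than it costs over a year.
    """
    return annualized_loss_expectancy(before) - annualized_loss_expectancy(after) - annual_cost


# Assumed thresholds (monetary ALE per year) for a qualitative high/medium/low label.
RATING_THRESHOLDS = ((20_000.0, "high"), (5_000.0, "medium"))


def qualitative_rating(ale: float) -> str:
    """Map a numeric ALE onto the non-numeric scale used by qualitative analysis."""
    for floor, label in RATING_THRESHOLDS:
        if ale >= floor:
            return label
    return "low"


# Constructed scenario: a file server worth $200,000; a ransomware incident is expected
# to destroy 25% of its value and to occur about once every two years.
UNMITIGATED = RiskScenario(asset_value=200_000.0, exposure_factor=0.25, annual_rate=0.5)

# Same asset after deploying tested offline backups: the per-incident loss drops to 5%
# (recovery is possible) while the rate of attack attempts stays the same.
WITH_BACKUPS = RiskScenario(asset_value=200_000.0, exposure_factor=0.05, annual_rate=0.5)
BACKUP_ANNUAL_COST = 8_000.0   # constructed: licences, storage and staff time per year


def worked_example() -> dict:
    """Run the full calculation and return every intermediate figure."""
    return {
        "sle_before": single_loss_expectancy(UNMITIGATED),
        "ale_before": annualized_loss_expectancy(UNMITIGATED),
        "ale_after": annualized_loss_expectancy(WITH_BACKUPS),
        "control_value": safeguard_value(UNMITIGATED, WITH_BACKUPS, BACKUP_ANNUAL_COST),
        "rating_before": qualitative_rating(annualized_loss_expectancy(UNMITIGATED)),
        "rating_after": qualitative_rating(annualized_loss_expectancy(WITH_BACKUPS)),
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name:>14}: {value}")
```

The same numbers read two ways: quantitatively the control returns a net $12,000 a year and is justified, while qualitatively the risk moves from "high" to "medium" on the assumed scale. A control whose annual cost exceeded the ALE reduction would give a negative safeguard value, which is the quantitative way of saying it is not worth buying.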