CISSP - Certified Information Systems Security Professional


CISSP stands for Certified Information Systems Security Professional. It is a certification that is awarded by the International Information Systems Security Certification Consortium (ISC)².

CISSP is a globally recognized certification that demonstrates that the holder has the skills and knowledge necessary to effectively manage information security.

The 8 domains of information security of CISSP:
  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security

NIST - National Institute of Standards and Technology


NIST stands for National Institute of Standards and Technology. It is a non-regulatory agency of the United States Department of Commerce that is responsible for developing and promoting measurement, standards, and technology.

NIST’s mission is to “promote the progress of science and technology for the benefit of society.”

NIST was founded in 1901 as the National Bureau of Standards (NBS). In 1988, NBS was renamed NIST to reflect its broader mission. NIST is headquartered in Gaithersburg, Maryland, and has laboratories and offices throughout the United States.

NIST’s work is divided into four main areas:

  • Measurement science and technology
  • Standards and conformity assessment
  • Technology services
  • Cybersecurity

RMF - Risk Management Framework


The Risk Management Framework (RMF) is a process that helps organizations identify, assess, and mitigate information security risks.

The RMF is based on the following principles:

  • Risk-based approach: The RMF takes a risk-based approach to information security. This means that organizations identify and assess the risks to their information and systems, and then implement controls to mitigate those risks to an acceptable level.
  • Life cycle approach: The RMF takes a life cycle approach to information security. This means that organizations implement controls throughout the life cycle of their information and systems, from development and acquisition to operation and disposal.
  • Prioritized approach: The RMF takes a prioritized approach to information security. This means that organizations focus their resources on the risks that are most likely to occur and have the most significant impact.

The RMF is a valuable tool for organizations that are looking to improve their information security posture. The RMF can help organizations to identify and mitigate risks, protect their information and systems, and comply with regulations.

The RMF is made up of the following five steps:

  1. Categorize: Organizations categorize their information and systems based on their sensitivity and criticality.
  2. Assess: Organizations assess the risks to their information and systems.
  3. Select: Organizations select controls to mitigate the risks to their information and systems.
  4. Implement: Organizations implement the selected controls.
  5. Assess and Monitor: Organizations assess and monitor the effectiveness of the implemented controls.

The RMF is a continuous process that should be revisited as new risks emerge and new controls become available.

IAM - Identity and Access Management

IAM has 4 components:
  1. Identification
  2. Authentication
  3. Authorization
  4. Accountability (prove that systems and data are used properly)

Identity and Access Management (IAM) is a framework for managing the identities and access rights of users and applications.

IAM helps organizations to ensure that only authorized users have access to sensitive data and systems.

IAM typically includes the following features:

  • User management: IAM allows organizations to create, manage, and disable user accounts.
  • Role-based access control (RBAC): IAM allows organizations to define roles that group the permissions users need to access resources, and to assign users to those roles.
  • Multi-factor authentication (MFA): IAM allows organizations to require users to present more than one authentication factor, such as a password and a code from a physical device, before they can access resources.
  • Access auditing: IAM allows organizations to track who has accessed resources and when.

IAM is an important part of an organization’s overall security strategy. IAM can help organizations to protect their data and systems from unauthorized access.

Here are some of the benefits of implementing IAM:

  • Increased security: IAM can help organizations to reduce the risk of unauthorized access to sensitive data and systems.
  • Improved efficiency: IAM can help organizations to streamline the user provisioning and deprovisioning process.
  • Reduced costs: IAM can help organizations to reduce the costs associated with managing user access.
  • Improved compliance: IAM can help organizations to comply with regulations, such as the General Data Protection Regulation (GDPR).

IAM is a valuable tool for organizations of all sizes. IAM can help organizations to improve their security posture, increase their efficiency, and reduce their costs.