Monday, February 19, 2018

SSCP Video Course - Understanding Security Basics


Confidentiality, Integrity and Availability are the three pillars of information security. Every security professional aims to achieve one or more of these three goals when designing an information security program. While the video above explains these terms and many others in detail and in a simplified manner, here I take up a complete scenario to help you understand the context in which these terms are used.

John has newly joined the company “IloveITSolutions” as a security practitioner and has been instructed to find ways to improve security by implementing confidentiality. The company is expanding into the e-commerce domain and would like to explore how it can provide a seamless experience to the customer by making its site available 24x7. The CSO has also instructed him to explore ways to reduce fraud in the company in light of certain events. What should John do?

Such scenarios are common in the SSCP and CISSP exams, and hence it is important to understand the basic concepts of security. The above video explains these concepts in detail.

Exam Tip:

From an exam perspective, read every question very carefully. The examiner may confuse you either by giving an extremely long scenario and asking questions in relation to it, or by giving a direct question with extremely difficult choices.

Consider the following 2 questions:

1. Confidentiality is
        a. Unauthorized access by an authorized person.
        b. Authorized access by an authorized person.
        c. Unauthorized access at a wrong time by an unauthorized person.
        d. Authorized access by an unauthorized person.

Answer – Some may find this question easy, but it has confusingly similar choices to pick from. Comment in the comment section below on which option you consider correct and why.

2. ABC company just suffered a breach. The court found that the company had not taken the required actions to protect its resources. The company showed documents proving that it had drawn up a security policy and had thought of buying an anti-virus; it was also contemplating a business continuity plan. What should ABC have done to ensure that its resources were protected?
        a. Due Care
        b. Physical Security
        c. Implementing Audit features
        d. Due diligence

Answer – Here the examiner is trying to confuse you by giving a long scenario. It also plays another trick by trying to confuse you between two similar terms – due care and due diligence. Comment in the comment section below on which option you consider correct and why.

I hope these questions, and the many more in the practice questions tab, will help you. I would like to know what you think of the video. How can the content be improved?

Share your comments in the comment section below.
