December 26, 2018

One of the most common questions I get is:

"Luke, can you please explain the difference between due care and diligence with real-world examples?"

Yes, please see below.

Due Care & Diligence Concepts

  • Due care is about correcting something immediately. The first letters of the two words even help you remember this: DC = do correct.

  • Due dili...

October 17, 2017

Do you really need to know every single NIST document word for word? 

Answer: No

Are NIST documents an incredible source of learning material to expand your knowledge and provide clarity for the CISSP exam? 

Answer: Yes

Do the actual study guide books and practice exam question engines use NIST documents as their references when trying to explain topics?

September 16, 2017

You can learn more about MTBF in Chapter 16: Managing Security Operations, page 678, in your Sybex 7th Edition, or Chapter 7: Security Operations, page 971, in Shon Harris AIO 7th Edition.

Mean Time Between Failure

The amount of time before a device is expected to fail. This was amazing to me, that a hardware vendor can actually calculate the amount of time...

June 20, 2017

It's good to have a mission, goal, and objectives in your personal life as well as professional environment.  

Click here to read the most recent post: CISSPs Must Know Organization Goals, Objectives, and Mission

Here are some possible CISSP exam questions regarding this topic: 

1.  "The company will attain ISO 27001 Certification by the end of this year", t...

April 14, 2017

Click Here to Download The PDF "MTD, RPO, RTO, WRT"

There is a strong chance that you will be tested on the terms "MTD, RPO, RTO, WRT", and tested on their concepts, not just their definitions.

This is one of those topics where it's either you know it, or you don't.

The terms can be confusing when you just start out studying, but eventually after weeks...

April 11, 2017

Click Here to Download The PDF "Responsibilities in the Cloud"

I've seen that there has always been some confusion or difference of opinion when it comes to who has what responsibility in the cloud.  

I'm not here to state anything official, but to just go through what I've observed while studying, and helping others study for the CISSP.

It doesn't matter...

March 22, 2017

In case you haven't studied the BCP/DRP section of your studies yet, here is some information that I sent to the folks on the newsletter: 

The topic of proper business continuity and disaster recovery planning is highly testable.  

Expect to be tested on the following:

  • BCP process and steps (Not specifics, just the general flow)

  • Components of the...

December 20, 2016

Aside from subnetting, did you ever think you’d use math when joining the information security field?

As a CISSP, you may one day find yourself part of a risk analysis team.  The job of this team is to figure out the cost of assets and their associated value.  But what’s the difference between cost and value?

Let’s take the example of a...

February 27, 2016

There was a lot of stuff in the Security and Risk Management domain of the CISSP that I would never even think about in my past job(s) as a systems administrator.  None of my previous employers ever mentioned anything about following ISO standards or operating under some “risk management framework”. 

What was a framework anyway?  It was frustrating to...

February 23, 2016

I was just working on CISSP Quiz #2 for the website when I started to recall my first day at my first security job. When I look back now, I realize each task could be mapped to confidentiality, integrity, and availability, the three core information security concepts of the CISSP.

My manager gave me the following tasks:

*  Generate my own public and...

© 2013 Study Notes and Theory