Study Notes and Theory

“Not many face actual power outages when they're studying CISSP. But it’s these real-life experiences that no doubt become an advantage!” – Luke Ahmed Today is Day 44 of Yihenew’s CISSP study plan, focusing on Power Outage Recovery  — one of the most practical real-world lessons in Business Continuity Planning (BCP)  and Disaster Recovery Planning (DRP) . This topic is a reminder that disasters don’t always involve hackers or malware. Sometimes, it’s a simple power outage tha

“We had a great Zoom session! There were obvious hints that I observed that you were the perfect CISSP student.” – Luke Ahmed Today is Day 43 of Yihenew’s CISSP study plan, diving into Identity and Access Management (IAM)  — one of the most essential and exam-heavy topics across multiple CISSP domains. IAM defines how users are identified, authenticated, and authorized to access systems and data. It’s not just a technical topic — it’s a governance framework  that enforces who

“Maybe these little attacks like data diddling or salami attack won't be in the exam, but they build upon the core foundations of CISSP.” – Luke Ahmed Today is Day 42 of Yihenew’s CISSP study plan, covering two classic — and often overlooked — security threats: Data Diddling  and the Salami Attack . These attacks may sound simple, even outdated, but they represent the heart of what CISSP teaches: understanding how small, unnoticed manipulations  can lead to large-scale integr

“Tough cryptography topic! It took me at least 3 days to understand it. Keep going, Yani!!!” – Luke Ahmed Today is Day 41 of Yihenew’s CISSP study plan, diving into one of the most mind-bending cryptographic principles on the exam — the Birthday Attack , also known as the Birthday Paradox . This topic doesn’t just test your memory — it tests your ability to reason about probability and collisions . Understanding this concept solidifies your knowledge of hash functions , messa

“Access control defines power — and with DAC, that power belongs to the data owner.” – Luke Ahmed Today is Day 40 of Yihenew’s CISSP study plan, focusing on Discretionary Access Control (DAC)  — one of the core access models in cybersecurity and a frequent source of confusion on the CISSP exam. DAC grants data owners the discretion to decide who can access their resources. It’s flexible, but with that flexibility comes risk. Understanding DAC helps you recognize where human j

“The CIA Triad is the core principle of not only the CISSP exam, but all of cybersecurity.” – Luke Ahmed Today is Day 39 of Yihenew’s CISSP study plan, focusing on one of the most fundamental — yet frequently misunderstood — pairs of concepts: CIA vs DAD . The CIA Triad  forms the backbone of every information security decision you’ll make as a CISSP. The DAD Triad , on the other hand, is its opposite — representing the consequences when those principles fail. Understanding b

“Late nights, early mornings — a recipe to put CISSP after your name! And you did!” – Luke Ahmed Today is Day 38 of Yihenew’s CISSP study plan, focusing on Defense in Depth  — the multilayered security strategy that every CISSP must be able to design, justify, and explain. Defense in Depth is not about piling on tools — it’s about ensuring that each control layer complements the others. From physical access to encryption, every layer should serve a purpose in minimizing risk.

“Great to see you studying data ownership on this 37th day! Ownership in general is important, as well as the delegation of data maintenance!” – Luke Ahmed Today is Day 37 of Yihenew’s CISSP study plan, focusing on Data Ownership  — one of the most important governance concepts in the CISSP exam. Many candidates overthink encryption and storage mechanisms but overlook a fundamental question: Who owns the data? Understanding ownership clarifies accountability, responsibility,

“Control frameworks not only provide a guide for the organization, but are essential to know for a high-level certification such as the CISSP!” – Luke Ahmed Today is Day 36 of Yihenew’s CISSP study plan, focusing on ISO 27001 , one of the most respected international standards for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) . If you understand how ISO 27001 fits into the CISSP mindset, you’re already thin

“To anyone reading this — if you don't understand BCP/DRP for the CISSP, you will fail the exam. Yani made sure he knew it completely.” – Luke Ahmed Today is Day 35 of Yihenew’s CISSP study plan, focusing on three of the most exam-critical metrics in Business Continuity and Disaster Recovery (BCP/DRP)  — MTD, RPO, and RTO . These terms aren’t just definitions — they are management decisions  about how much downtime and data loss your organization can afford before the busines