December 7, 2018

Cross-domain correlation is a technique I (think?) I created when studying for the CISSP exam.  It's the process of picking a random topic in one domain, and then trying to relate it to another random topic in the other 7 domains.  The point was to confirm my knowledge of the concepts across a broad spectrum of CISSP topics.  The idea is that everything i...

August 16, 2018


The Situation

You can learn a lot about encryption,  hashing, and DH when configuring a site-to-site VPN. 

I was on a conference call where several other network security engineers, project managers, and networking teams were trying to bring up an existing site-to-site...

August 2, 2018


I was fortunate enough to work in the security industry while studying for the CISSP.  

Dealing with firewalls and creating VPNs was a daily routine, and this made the Cryptography domain of the CISSP VERY easy.  

Others may not have the same opportunity, so I thought I would share with everyone how symmetric encryption is used in real life. 

 For other CIS...

January 28, 2018

Video and Notes on Transport Layer Security

  • Technical preventative control

  • TLS is just one of those things that is going to be on the exam, there is no way to avoid it.  Mainly because TLS is heavily emphasized in all your books.  Especially when they mention encrypting web traffic.

  • Involves a TLS handshake AFTER the TCP Handshake. 


January 24, 2018

Exclusive OR is a mathematical calculation in cryptography.  It is a logical operation. 

There are other logical operations in our CISSP study guides: AND, OR, NOT, Modulo Function etc. etc. 

XOR though, is the most important and the most used.

And it's really easy to understand. 

It consists of the multiplication of 1 and 0, that's it.  

If it's 1...

January 22, 2018

To watch more CISSP videos like this,

become a member:

April 4, 2017

Digital signatures should be one of your most favorite things to study for the CISSP exam.

By knowing the concept of digital signatures, you also get to know about these 4 other things: 

  • Hashing

  • Nonrepudiation

  • Encryption

  • Authentication

All 4 of the terms above go into making digital signatures possible.  If you were ever confused about...

March 10, 2017

These notes have been provided by one of our group members in the Study Notes and Theory study group, and I appreciate every word of it.


Asymmetric uses different keys for encryption and decryption where as Symmetric uses the same key for Encryption and Decryption.

Encryption Algorithm also known as cipher

Symmetric Algorithm is either b...

March 20, 2015

The Wassenaar Arrangement can be a difficult topic to approach because it deals with “good guys” vs the “bad guys”.  The problem is, everyone has different definitions of “good guy” vs “bad guy”.

This international arrangement is officially defined as “Export Controls for Conventional Arms and Dual-Use Goods and Technologies”.

So what does that mean?

If you...

Please reload

© 2013 Study Notes and Theory
Terms and Conditions/Privacy Policy

Proudly created to make you

a better security professional.