
CISSP Study Plan – Day 26 of 55 | Ransomware and Security Lessons

Updated: Oct 5


"The Memory Palace – one of my favorites!"– Luke Ahmed

Today is Day 26 of Yihenew’s CISSP study plan, focusing on Ransomware — not just as a buzzword, but as a real-world threat that connects to multiple CISSP domains.


Key Areas Covered:

  • What Ransomware Is — malicious software that encrypts a victim’s data and demands payment for the decryption key; many current variants also steal the data first and threaten to leak it, so a clean restore alone does not end the incident.

  • Attack Vectors — phishing emails, malicious attachments, drive-by downloads, exposed or weakly secured RDP, and supply chain attacks.

  • Business Impact — downtime, loss of customer trust, legal fines, and sometimes permanent data loss.

  • Controls Before the Attack — user awareness training, email filtering, vulnerability management, least privilege, and backups that are offline or immutable and restore-tested (ransomware routinely targets any backup it can reach over the network).

  • Controls During the Attack — segmentation, incident response, and containment by isolating affected hosts from the network quickly (network isolation preserves volatile evidence that a hard power-off destroys).

  • Controls After the Attack — restore from verified backups, forensic investigation, communication plan, lessons learned.

  • CISSP Exam Tie-In — ransomware scenarios test your ability to apply defense-in-depth and risk management thinking, not just point solutions.
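The "during the attack" controls above depend on noticing the encryption phase early enough to contain it. The script below, an added example that is not from the original post or the CISSP course it describes, shows the classic behavioural signal a detection engineer would look for: one process on one host changing file extensions in a burst. The log format, host and process names, threshold and sample log lines are all constructed for illustration, as are the `.locked` extension and the `updater.exe` process name.

```python
"""Burst-rename detector: a toy behavioural detection for ransomware activity.

Added example, not code from the original post or the CISSP course it describes.
The log format, host names, process names, thresholds and sample lines are all
constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed log format: "<ISO timestamp> <host> <user> <process> <action> <path> [<new path>]"
# Paths in this toy format contain no spaces.
SAMPLE_LOG = r"""2024-03-01T09:00:01 ws01 alice WINWORD.EXE WRITE C:\Users\alice\Docs\q1.docx
2024-03-01T09:00:05 ws01 alice explorer.exe RENAME C:\Users\alice\Docs\old.txt C:\Users\alice\Docs\older.txt
2024-03-01T09:01:00 ws02 bob svchost.exe WRITE C:\Windows\Temp\x.log
2024-03-01T09:02:00 ws01 alice updater.exe RENAME C:\Users\alice\Docs\q1.docx C:\Users\alice\Docs\q1.docx.locked
2024-03-01T09:02:01 ws01 alice updater.exe RENAME C:\Users\alice\Docs\q2.docx C:\Users\alice\Docs\q2.docx.locked
2024-03-01T09:02:02 ws01 alice updater.exe RENAME C:\Users\alice\Docs\budget.xlsx C:\Users\alice\Docs\budget.xlsx.locked
2024-03-01T09:02:03 ws01 alice updater.exe RENAME C:\Users\alice\Docs\plan.pptx C:\Users\alice\Docs\plan.pptx.locked
2024-03-01T09:02:04 ws01 alice updater.exe RENAME C:\Users\alice\Docs\notes.txt C:\Users\alice\Docs\notes.txt.locked
2024-03-01T09:02:05 ws01 alice updater.exe WRITE C:\Users\alice\Docs\README_TO_DECRYPT.txt
2024-03-01T09:10:00 ws02 bob explorer.exe RENAME C:\Users\bob\a.txt C:\Users\bob\b.txt
"""

WINDOW = timedelta(seconds=60)
THRESHOLD = 5   # extension-changing renames by one process on one host within WINDOW


def parse_line(line):
    """Split one constructed log line into a dict; returns None for malformed lines."""
    parts = line.split()
    if len(parts) < 6:
        return None
    ts, host, user, process, action, path = parts[:6]
    new_path = parts[6] if len(parts) > 6 else None
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return {"when": when, "host": host, "user": user, "process": process,
            "action": action, "path": path, "new_path": new_path}


def extension(path):
    """Lower-cased final suffix of a Windows path ('.docx', '.locked', '' if none)."""
    return PureWindowsPath(path).suffix.lower()


def detect_rename_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, process) that changed >= threshold file
    extensions within `window`. Renames that keep the extension are ignored."""
    recent = defaultdict(deque)       # (host, process) -> deque of (time, new extension)
    alerted = set()
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["action"] != "RENAME" or ev["new_path"] is None:
            continue
        old_ext, new_ext = extension(ev["path"]), extension(ev["new_path"])
        if old_ext == new_ext:
            continue   # e.g. old.txt -> older.txt: ordinary user activity
        key = (ev["host"], ev["process"])
        q = recent[key]
        q.append((ev["when"], new_ext))
        while q and ev["when"] - q[0][0] > window:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "host": ev["host"], "user": ev["user"], "process": ev["process"],
                "first_seen": q[0][0], "last_seen": ev["when"],
                "renames": len(q),
                "new_extensions": sorted({e for _, e in q}),
                "recommended_action": "isolate host from the network (containment)",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this raises one alert, for `updater.exe` on `ws01`, after five extension-changing renames in five seconds, while the two ordinary renames (`old.txt` to `older.txt`, `a.txt` to `b.txt`) are ignored. Real EDR rules also weigh write volume, file entropy and ransom-note creation; the point of the example is that the detection that enables containment is behavioural, not a signature for a particular family.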


In this CISSP study plan session, Yihenew emphasized that ransomware is a cross-domain problem — a technical threat that becomes a business continuity and governance issue the moment it hits.


Quick CISSP Practice Question

Which of the following best reduces the impact of a ransomware attack on critical systems?

A. Installing IDS/IPS

B. Keeping regular offline backups

C. Using single sign-on

D. Requiring strong passwords


Correct Answer: B. Keeping regular offline backups

Explanation:

  • Offline (or immutable) backups that the attacker cannot reach, combined with tested restores, are the most effective way to recover without paying the ransom.

  • IDS/IPS and strong passwords reduce the chance of compromise, but once ransomware has run, backups determine whether and how fast the business recovers.

  • SSO centralizes authentication for convenience and access control; it does nothing to limit the impact once files are encrypted.


Think Like a Manager: When you see ransomware on the exam, don’t get tunnel vision on technical tools. Think: What lets the business recover? The manager’s answer is backups and recovery planning, not just prevention.


Check out Yani's TikTok or see Day 25 or Day 27.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Goal: pass the CISSP on the first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on the first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best Future CISSP. You can feel free to contact me anytime as well.


Thank you.

Luke Ahmed

