Thanks @daniel-lowrie87 that's why I asked. I would like to add Splunk knowledge to my resume. Since Splunk is a leading brand and with XDR exposure I think it would place me in a nice spot. Thanks for your time.

Please submit this as a course request via the chat bubble on our site. We do not currently have it on our roadmap for 2024. But that is the official way to insure that your request is logged and makes it to our team for evaluation and consideration.

I found the following article: https://www.techtarget.com/searchsecurity/tip/Steps-in-the-information-security-program-life-cycle

It doesn't reference what model is being used but it is aligned with this question. Would love to know whether I need to know this information for the CISSP exam.

Yes on that last point except if there is some sort of opportunity to perform an extraction of the keys through a more invasive approach. Pretty unlikely in most scenarios but I didn't want to leave out the possibility.

Thanks!

The real problematic one is "lighting" since this could be checked out in the initial analysis.

Yeah - the right answer here was shatter resistant because that was the main concern the question author was concerned with. In the actual exam, I would hope the question would make the choice a bit more obvious. For example, we could state in the question that employee safety is a primary concern.

Might be a potential course down the road.

For this one it would appear we have to trust the official curriculum. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition and its previous editions. As far as I can tell, this functional order of controls was not pulled from a standards document.

The area you seem to be looking for would be more in the realm of GRC (Governance Risk, and Compliance). Though you will get introductions to this area from just about every vendor certification. It will depend on the level of depth you desire. With ISC2, CISSP, this focus is more on management of security in the IT space and SCCP does go into more depth about managing security within systems. Neither is easy and requires much study and expense.

ISACA also has the CRISC certification. Again, more aligned with your stated goals. We offer you a chance to look at all three within our site and compare which may be the path you choose to walk down.

Yes - it sure seems like you have it Doug! When a technology is defined like IDaaS - there are general statements made about how it is implemented. Unfortunately, these statements are so general that they do not always reflect how a specific organization is implementing the technology.

Time for an extreme example - you could have a company go completely cloud for their IT and now there would be NO on-prem identity services.

Please submit this issue via the chat bubble on our site. This will officially log this issue and get it diretly addressed by our member services team.

Hey @Daniel-Loyer ,

The updated CISA is available if you're still looking for that cert!

Hey @David-Thompson

Pretty much. What you'll find is that many people will double up on roles in small to medium size companies. Plus, in an ISO 27001 environment, the organization's Board of Directors is ultimately accountable for much of what happens in the company. What typically happens is that the person responsible will be working closely with the accountable person with a reporting structure to the accountable and support in resources to the responsible. It's supposed to be a two way street. In reality, this can become an issue if there isn't appropriate communication and well-defined tasks. And in the case of your example, if it was a bad enough incident, you'd be fired. :-)

Great question David!!

Hi, Doug! You have the definition of each well spelled out. Incident and breach are technically two separate but related terms. You can have an incident that doesn't result in a breach. Incidents ONLY become breaches if an organization’s information is stolen.

I hope this helps clarify things for you. Thanks for taking the time to point out our presenters' error.

Thanks @Victor-Rosa !!!

I appreciate the compliments and I'm glad to hear that you're enjoying my training :)

We created the 601 course to be in a more logical order - but you could watch it in domain order as our episode titles follow closely from the exam objectives. Good news - our upcoming 701 version we shot in a modular format to directly mirror the exam domains.

Please submit a course request via the chat bubble on our site. That is the official way to log the request and ensure it gets the right people for course development evaluation.

@Darren-Appanah you are most welcome, and as you need help with your training do not hesitate to reach out, here in the forums!

If you have no IT background, you might want to peruse the ITF+, A+ and/or Network+ content to gain a solid foundation before you dive headlong into the cyber stuff.

Thank you very much for your reply and your suggestions, I will most certainly give that ago

Stay safe and have a good day