@Nnanna-Nwoke Are you still looking for a study partner?

@Taylor-Armstrong,
These are not on our current roadmap. Please submit these as course requests via the chat bubble on our website. This will officially log these request and make sure they get to the right team for consideration.

@Taylor-Armstrong,
In 2024, we've had to remove some items on our video production schedule. Please submit this as a courses request via the site's chat bubble. This will officially log the request for us to consider for the road map.

@Andrew-Despres You are very welcome. Like Daniel once said. "If you can't go straight trough, take a detour". In my opinion, Cloud Security is new way to break into Cyber Security. Unless you create a big network of people inside the industry.

Please submit the name of the lab series and module you're attempting to get working, along with your description of the issue via the chat bubble on our site. This will log the issue with support and will allow our team to identify and work with you on the issue you're describing. Thank you.

Hi Robert - our category DODD 8570 identifies the content we have that is included as a baseline cert https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/. As you said, there is a lot of information out there and it can be confusing. Hope this link helps. Thanks!

Thanks @daniel-lowrie87 that's why I asked. I would like to add Splunk knowledge to my resume. Since Splunk is a leading brand and with XDR exposure I think it would place me in a nice spot. Thanks for your time.

Please submit this as a course request via the chat bubble on our site. We do not currently have it on our roadmap for 2024. But that is the official way to insure that your request is logged and makes it to our team for evaluation and consideration.

I found the following article: https://www.techtarget.com/searchsecurity/tip/Steps-in-the-information-security-program-life-cycle

It doesn't reference what model is being used but it is aligned with this question. Would love to know whether I need to know this information for the CISSP exam.

Yes on that last point except if there is some sort of opportunity to perform an extraction of the keys through a more invasive approach. Pretty unlikely in most scenarios but I didn't want to leave out the possibility.

Thanks!

The real problematic one is "lighting" since this could be checked out in the initial analysis.

Yeah - the right answer here was shatter resistant because that was the main concern the question author was concerned with. In the actual exam, I would hope the question would make the choice a bit more obvious. For example, we could state in the question that employee safety is a primary concern.

Might be a potential course down the road.

For this one it would appear we have to trust the official curriculum. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition and its previous editions. As far as I can tell, this functional order of controls was not pulled from a standards document.

The area you seem to be looking for would be more in the realm of GRC (Governance Risk, and Compliance). Though you will get introductions to this area from just about every vendor certification. It will depend on the level of depth you desire. With ISC2, CISSP, this focus is more on management of security in the IT space and SCCP does go into more depth about managing security within systems. Neither is easy and requires much study and expense.

ISACA also has the CRISC certification. Again, more aligned with your stated goals. We offer you a chance to look at all three within our site and compare which may be the path you choose to walk down.

Yes - it sure seems like you have it Doug! When a technology is defined like IDaaS - there are general statements made about how it is implemented. Unfortunately, these statements are so general that they do not always reflect how a specific organization is implementing the technology.

Time for an extreme example - you could have a company go completely cloud for their IT and now there would be NO on-prem identity services.

Please submit this issue via the chat bubble on our site. This will officially log this issue and get it diretly addressed by our member services team.

Hey @Daniel-Loyer ,

The updated CISA is available if you're still looking for that cert!

Hey @David-Thompson

Pretty much. What you'll find is that many people will double up on roles in small to medium size companies. Plus, in an ISO 27001 environment, the organization's Board of Directors is ultimately accountable for much of what happens in the company. What typically happens is that the person responsible will be working closely with the accountable person with a reporting structure to the accountable and support in resources to the responsible. It's supposed to be a two way street. In reality, this can become an issue if there isn't appropriate communication and well-defined tasks. And in the case of your example, if it was a bad enough incident, you'd be fired. :-)

Great question David!!