For this one it would appear we have to trust the official curriculum. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition and its previous editions. As far as I can tell, this functional order of controls was not pulled from a standards document.

The area you seem to be looking for would be more in the realm of GRC (Governance Risk, and Compliance). Though you will get introductions to this area from just about every vendor certification. It will depend on the level of depth you desire. With ISC2, CISSP, this focus is more on management of security in the IT space and SCCP does go into more depth about managing security within systems. Neither is easy and requires much study and expense.

ISACA also has the CRISC certification. Again, more aligned with your stated goals. We offer you a chance to look at all three within our site and compare which may be the path you choose to walk down.

Yes - it sure seems like you have it Doug! When a technology is defined like IDaaS - there are general statements made about how it is implemented. Unfortunately, these statements are so general that they do not always reflect how a specific organization is implementing the technology.

Time for an extreme example - you could have a company go completely cloud for their IT and now there would be NO on-prem identity services.

Please submit this issue via the chat bubble on our site. This will officially log this issue and get it diretly addressed by our member services team.

Hey @Daniel-Loyer ,

The updated CISA is available if you're still looking for that cert!

Hey @David-Thompson

Pretty much. What you'll find is that many people will double up on roles in small to medium size companies. Plus, in an ISO 27001 environment, the organization's Board of Directors is ultimately accountable for much of what happens in the company. What typically happens is that the person responsible will be working closely with the accountable person with a reporting structure to the accountable and support in resources to the responsible. It's supposed to be a two way street. In reality, this can become an issue if there isn't appropriate communication and well-defined tasks. And in the case of your example, if it was a bad enough incident, you'd be fired. :-)

Great question David!!

Hi, Doug! You have the definition of each well spelled out. Incident and breach are technically two separate but related terms. You can have an incident that doesn't result in a breach. Incidents ONLY become breaches if an organization’s information is stolen.

I hope this helps clarify things for you. Thanks for taking the time to point out our presenters' error.

Thanks @Victor-Rosa !!!

I appreciate the compliments and I'm glad to hear that you're enjoying my training :)

We created the 601 course to be in a more logical order - but you could watch it in domain order as our episode titles follow closely from the exam objectives. Good news - our upcoming 701 version we shot in a modular format to directly mirror the exam domains.

Please submit a course request via the chat bubble on our site. That is the official way to log the request and ensure it gets the right people for course development evaluation.

@Darren-Appanah you are most welcome, and as you need help with your training do not hesitate to reach out, here in the forums!

If you have no IT background, you might want to peruse the ITF+, A+ and/or Network+ content to gain a solid foundation before you dive headlong into the cyber stuff.

Thank you very much for your reply and your suggestions, I will most certainly give that ago

Stay safe and have a good day

Project Management skills are the same across all fields. The field you choose, such as IT, the company will provide the tools and context you will need to do to project management in that field. I would consider the CompTIA Project+ course we have as a solid introduction. Also, If you have no experience in Cybersecurity, you may want to consider the CompTIA A+, Network+, and Security+ to provide the foundational knowledge all IT people should have, even project managers.

B is correct answer because the question asked "not".

Congratulations @Paris-Robinson-0, keep up the hard work!

@SIMON-TAPLIN,

Hello... the more reading that I do. I see that SSCP may be the equivalent of Security+.

So, I would think that CASP+ assumes the candidate has the knowledge of Security+ but probably doesn't cover all the details you're likely to find in either SSCP or Security+.

https://www.isc2.org/articles/SecurityPlus-or-SSCP-Which-Is-Right-for-Me#

@Stephen-Ott,

It is possible. Adam has no updated notes for that particular episode.

Hello there my friend! So sorry for the delayed response.

I teach you how to construct your own free lab using any OS of choice.

If the courses are popular, I am guessing we will construct our hosted labs.

Enjoy!

Thank you IT-Pro TV for the update.
Regardless still love the video content :)