Hello everyone, in this short video, I want to share a practical perspective on GRC (Governance, Risk Management, and Compliance) that can help you ace your #cissp exam. By "perspective," I mean the kind of practical understanding you might not find in textbooks, because it comes from real-world experience.
Think back to your school days when you learned about standards for Mass, Length, and Time in physics. These standards, like kilograms for Mass or meters for Length, are crucial because they give meaning to our daily activities. Imagine a world without such standards; conducting business or transactions between different communities or countries would be incredibly challenging.
In the realm of information security, we also rely on standards, particularly for aspects like confidentiality, integrity, and availability. These standards translate into "security controls" standardized by organizations like #nist and #ISO. For CISSP, we often discuss NIST's standards. One critical standard is NIST 800-53, which outlines the security controls that companies should implement for information security.
Apart from security controls, we also need standards for risk management. NIST offers guidance in documents such as 800-39 and 800-30. There is also 800-37, the Risk Management Framework (RMF) used by federal organizations. Together, these standards are essential for the governance of cybersecurity and information security.
Additionally, there's the Cybersecurity Framework (CSF), which helps organizations implement security controls effectively. Think of it as a roadmap for achieving cybersecurity goals. NIST 800-53 aligns closely with cybersecurity governance, while 800-30 and 800-39 focus more on risk management. CSF guides you in reducing cybersecurity risks.
To simplify, you can view NIST 800-53, 800-39, and the #CSF as the building blocks of a Governance, Risk, and Compliance (GRC) framework. Compliance is the part that verifies the implemented controls actually align with the recommended security standards. There is also 800-53A, which covers how to assess the 800-53 security controls; it is distinct from the Cybersecurity Framework.
In essence, we rely on these NIST and ISO standards to establish a baseline for security and risk management, with CISSP often emphasizing NIST 800-53 for governance. So, as you prepare for your CISSP exam, keep these standards and their respective roles in mind. Best of luck!