Anatomy of the (ISC)2 CISSP Common Body of Knowledge


Domesticate the wild animal

Let’s take a look inside

  • The first thing to understand when getting into cybersecurity is the CIA triad (Confidentiality, Integrity, and Availability). It represents the cornerstones of information security.
  • Understanding the business and its corporate functions, and how cybersecurity enables the business, is a key success factor, along with being familiar with the compliance and regulatory requirements the company is subject to.
  • Cybersecurity governance starts with laying down the policies, standards, procedures, and guidelines that facilitate the implementation and operationalization of the security controls that mitigate the risk the company is exposed to.
  • Humans are the weakest point of any organization; even with a layered defense in place, it is crucial to educate employees and raise their awareness from their first day at work.
  • Reading the (ISC)2 Code of Ethics helps you understand the spirit of working in cybersecurity and being honest and accountable.
  • Since disasters happen, you will need to understand the business continuity planning principles and how to recover from disasters.
  • Information is the most valuable asset for a company.
  • Asset management must follow a lifecycle, and information must be classified.
  • Each asset is tied to its owner.
  • Data security controls allow organizations to safeguard their most valuable informational assets, such as IP (Intellectual Property) and Trade secrets.
  • Security and Privacy are different but can serve the same purpose.
  • Learn security models and design principles in order to create and/or implement security controls.
  • Get familiar with the different security capabilities you can leverage to protect an organization.
  • For me it is an art; it fascinates me. But I don’t know if you agree with me. Yes, it is cryptography. It is one of the most important topics in cybersecurity in general and in the CISSP CBK specifically.
  • Physical security is important to safeguard the company’s assets, but above all it safeguards what matters most: human lives.
  • It is important to know the seven layers of the OSI model, but keeping security in mind at each layer is a must.
  • Get familiar with the security components of a network and how to secure the different communication channels.
  • With the world of IT becoming more user-centric, and the spread of BYOD (Bring Your Own Device) policies, security controls around the user’s identity are the new way to protect corporate data regardless of its location.
  • AAA (Authentication, Authorization, and Accountability) are three principles that help manage physical and logical access to assets: a subject (e.g. a user) is identified, its identity is validated, and its eligibility to access an object (e.g. an asset) is checked.
  • Secure by design is a must, but it is not possible to eliminate human errors. That’s where security assessment and audit strategies play a key role in making sure the security controls are effective and operating as expected.
  • Being ready for the worst and planning for disaster recovery is essential, just as being proactive and designing layered, secure applications and systems is a stepping stone to robust security.
  • Running flawless security operations reflects an agile and adaptive security architecture.
  • Security operations teams are responsible for administering and maintaining the security platforms, responding to incidents, investigating, and collecting intelligence.
  • Testing real-life scenarios is the ultimate proof of a security strategy’s effectiveness.
  • Planning and testing are important steps in the software development lifecycle; done with security in mind, they enable the company to deploy secure software.
  • Development teams must be trained to code securely and follow security guidelines and standards.
  • For effective software security, all logs and changes must be audited, and software must be periodically tested and validated.
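The AAA bullet above describes a flow rather than a product, so here is an added example (not from the article, (ISC)2 or the CISSP CBK) that walks a request through identification, authentication, authorization and accountability in plain Python. The users, passwords, roles, the `payroll.xlsx` object and its permissions are all hypothetical, constructed values; passwords are stored as salted PBKDF2 hashes and every decision, allowed or denied, is written to an audit trail so that actions can later be attributed to a subject.

```python
"""Minimal AAA flow: identify -> authenticate -> authorize, with an audit trail.

Added illustration with hypothetical subjects, objects and policy; not code
from the article or from (ISC)2.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash; the per-user salt keeps equal passwords distinct."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


@dataclass
class Subject:
    name: str
    salt: bytes
    pw_hash: bytes
    roles: frozenset


@dataclass
class AccessControlSystem:
    subjects: dict = field(default_factory=dict)   # identification: name -> Subject
    acl: dict = field(default_factory=dict)        # object -> {role: {permissions}}
    audit_log: list = field(default_factory=list)  # accountability: one entry per decision

    def enroll(self, name: str, password: str, roles) -> None:
        salt = os.urandom(16)
        self.subjects[name] = Subject(name, salt, hash_password(password, salt), frozenset(roles))

    def grant(self, obj: str, role: str, *perms: str) -> None:
        self.acl.setdefault(obj, {}).setdefault(role, set()).update(perms)

    def _record(self, subject, obj, action, outcome) -> None:
        self.audit_log.append({"subject": subject, "object": obj, "action": action, "outcome": outcome})

    def authenticate(self, name: str, password: str) -> bool:
        """Validate the claimed identity; unknown names and bad passwords are both logged."""
        subj = self.subjects.get(name)
        if subj is None:
            # Identification failed. Still run a dummy hash so response time
            # does not reveal which user names exist.
            hash_password(password, b"\x00" * 16)
            self._record(name, None, "login", "unknown-subject")
            return False
        ok = hmac.compare_digest(subj.pw_hash, hash_password(password, subj.salt))
        self._record(name, None, "login", "success" if ok else "bad-password")
        return ok

    def authorize(self, name: str, obj: str, perm: str) -> bool:
        """Check eligibility: any of the subject's roles must hold `perm` on `obj`."""
        subj = self.subjects.get(name)
        allowed = False
        if subj is not None:
            for role in subj.roles:
                if perm in self.acl.get(obj, {}).get(role, set()):
                    allowed = True
                    break
        self._record(name, obj, perm, "allow" if allowed else "deny")
        return allowed

    def access(self, name: str, password: str, obj: str, perm: str) -> bool:
        """Full AAA path; authorization is only evaluated after authentication succeeds."""
        return self.authenticate(name, password) and self.authorize(name, obj, perm)


def build_demo() -> AccessControlSystem:
    """Constructed sample policy: finance can read/write payroll, staff can only read it."""
    acs = AccessControlSystem()
    acs.enroll("alice", "correct horse battery", ["finance"])
    acs.enroll("bob", "hunter2-but-longer", ["staff"])
    acs.grant("payroll.xlsx", "finance", "read", "write")
    acs.grant("payroll.xlsx", "staff", "read")
    return acs


if __name__ == "__main__":
    acs = build_demo()
    print(acs.access("alice", "correct horse battery", "payroll.xlsx", "write"))  # True
    print(acs.access("bob", "hunter2-but-longer", "payroll.xlsx", "write"))       # False
    for entry in acs.audit_log:
        print(entry)
```

The audit log is what turns authorization into accountability: a denied write by `bob` and a failed login for a name that does not exist are recorded just like successes, which is the raw material a security operations team needs when it investigates an incident.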

Next step




Cybersecurity Professional, Lecturer, Cryptographer, Martial Artist.

Seif Hateb