CCT 006: Compliance Requirements (CISSP Domain 1)

cissp domain 1 Feb 06, 2023
CISSP Cyber Training
28:36

Shon Gerber from CISSPCyberTraining.com provides you the information and knowledge you need to prepare for and pass the CISSP Exam, while providing the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge in cybersecurity from being a Red Team Squadron Commander, Chief Information Security Officer (CISO), and Adjunct Professor, providing superior training from his years of experience in educating people in cybersecurity.

In this episode, Shon will talk about the following items that are included within Domain 1 (Security and Risk Management) of the CISSP Exam:

· CISSP / Cybersecurity Integration – HITECH
· CISSP Training – Compliance Requirements
· CISSP Exam Question – Preventive Controls / CIA Triangle

BTW - Get access to all my Training Courses here at:  https://www.cisspcybertraining.com

Want to find Shon Gerber / CISSP Cyber Training elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

CISSPCyberTraining.com - https://www.cisspcybertraining.com/

Facebook - https://www.facebook.com/CyberRiskReduced/


LINKS: 

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.

[00:00:00] Hey y'all. This is Shon Gerber. Thank you so much for listening today. But before we get started, I have a question for you. Would you like to finally pass the CISSP and get started building a lucrative and rewarding career in cybersecurity? I can help you over at CISSPCyberTraining.com with the resources and tools you need to pass the CISSP the first time.

At CISSPCyberTraining.com, there's a vast array of resources available that will give you the guidance, direction, and training you need to pass the CISSP exam. As soon as you get done with this presentation, head on over to CISSPCyberTraining.com so that I can begin helping you today to meet your CISSP goals and grow your career in cybersecurity.

Alright, let's get started. Welcome to the Reduced Cyber Risk and CISSP Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon [00:01:00] Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.

Alright, let's get started. Let's go. Hey y'all, it's Shon Gerber from Reduced Cyber Risk and I hope you're all having a wonderful day in this beautiful state of Kansas. I'm having a great day. It's 75 degrees, it's gonna be gorgeous today. Gonna be a little warm, which is awesome. It's also gonna be just a little bit on the cool side in the evening, which is even better.

And uh, the mosquitoes haven't come out yet that are the size of birds. I saw some small spiders running around, which are quite large actually, but yeah, that's not bad. My dog just eats those. But other than that, life is good here in Kansas and we are gonna be talking about some awesome things as it relates to cybersecurity today on today's podcast.

But before we do, I wanted to kind of go talk to you a little bit about Reduced Cyber Risk and some great training that I've got out there for you specifically, and this is CISSP training that you can get through Udemy right now. It's awesome. You can [00:02:00] just go to the site, Udemy, and you can search for my name, Shon Gerber.

Or you can click on the show notes and I've got a great link to it on CISSP training at Reduced Cyber Risk. And it will take you straight to Udemy and get some incredible CISSP training that I have available for you. And this is great stuff. And as you know with Udemy, they give you some really good prices on this.

You really can't beat it at all. I mean, honestly, the bargain basement prices are pretty amazing just by going to Udemy and getting those. So again, you can check those out at Udemy.com or you can go click on my link at Reduced Cyber Risk and get that CISSP training specifically for you. All right, so we're gonna be talking about today the CISSP cybersecurity integration.

We're gonna be getting into a product called HITECH. Okay? That's a health insurance, uh, info or health information piece of this, and we'll kind of go into that in just a little bit. CISSP training is gonna bring around compliance requirements. And then the CISSP exam questions are gonna be on preventative [00:03:00] controls and the CIA triangle.

All right, let's get going. Okay, let's roll into this. So this is from Wikipedia and it talks about HITECH. And HITECH is the Health Information Technology for Economic and Clinical Health Act of 2009. Okay, yes. Say that 10 times and your brain will freeze and you're probably going, what the dickens is that?

Well, this finally falls into the compliance aspects that we're gonna get into, and Wikipedia had a really good product about this and put it out there. Someone had obviously typed it into Wikipedia and went through the different aspects of HITECH, and HITECH is one of those things if you're dealing in the health insurance aspects and if you are studying for your CISSP, which I assume you probably are, if you're listening to this podcast.

And/or you're a cybersecurity professional wanting to understand a little bit more about these aspects. Cuz honestly, being a CISSP myself, you get very niched into a certain area and so therefore you kind of forget or you don't really deal with these other aspects. And this is just a really [00:04:00] good way for you to kind of understand and broaden your, uh, capabilities.

And this was anticipating the expansion of electronic protected health information, which is the ePHI. And I don't know if you all are in the United States, and you're probably around this around the globe as well. I just got back from China and I noticed that everything they have is online. I mean, you use WeChat for everything.

They use Alipay for other aspects. So I mean, they are totally connected in China and I think there's just, it was when I was in India, the same thing. Everybody's on their phone, they're walking around the streets, so it's only gonna be more and more of this. Well, in the United States, we also are moving along in this space, and electronic

health records are actually all out there right now. If I can go online, I can look at all my kids and what they have online, what are some of the different cases, I have to go to the doctor. All of my authorizations, all that stuff is done online. And so this was designed to help with that electronic capability that just kept coming up as they kept [00:05:00] dealing with this.

And this was passed by the Obama administration back in 2009. And the goal of it was to reduce the cost of healthcare sharing as they're putting stuff out. And so therefore, that's kind of why it came out, was just to help reduce those physical costs. Now, the design is that if you're having data between hospitals and other entities that store your ePHI, or your e-patient health information, and that's the whole purpose of it.

So there's lots of information that is passed back and forth between an entity that, let's just say you have a company that is a third party to a hospital, and these people work on MRIs. Well, they have the ability to have some data of individuals that is passing back and forth. Well, they wanted some level of privacy added to these, and it expanded the scope of privacy and security protections for this data that is moving around between these entities.

And it also increased the legal liability if you don't protect it. Now, one thing I've learned in the corporate [00:06:00] world is that you have lots of third-party vendors, and these vendors are basically the little fish that sit around the big whale. And so therefore, they are all servicing the big whale.

Well, what ends up happening is, sometimes these guys' security isn't as intense as it possibly should be, and so therefore they induce a lot of issues to companies because of the simple fact that they're tied in. Well, now you add the complexity. So you know, corporate America, you have a vendor that takes care of you.

You have those requirements to make sure they protect your data, but now you add that additional component of having, uh, PII or PHI, which is your patient health information, potentially being stored by these third parties. Well then what ends up happening is now you've just incurred greater risk by having these third parties involved within your hospitals.

So therefore, this was to increase the legal liability of individuals who do not protect this information. Now they had put out some monetary incentives back in 2011 to 2015 to get people to [00:07:00] migrate to this direction. I know in China they've moved people to WeChat and I can, honestly, I can't even use a corporate credit card in China anymore just because everything is on WeChat. 

Well, in the United States, they've tried to move them in that direction. They didn't really say this is the way it's going to be, and so therefore those incentives were set up until 2015, and there were penalties though for not acting after 2015. So for some reason you said, you know what? I'm not gonna do it after 2015.

Then there were some penalties that you would be incurred for not doing that. Well, so it's 2019. And now what? Well, the thing is that it's interesting, and again this comes from Wikipedia, so I don't know if this is truly the case and it'd be interesting to see if anybody would provide some feedback around this.

But when it comes to 2019, there is an industry perception that it really isn't enforced, that they're not enforcing any of this capability at all. And so therefore it's interesting how they're gonna do this. And what is the [00:08:00] long-term play in this space? Not really sure. It'll be interesting to see if there's gonna be more enforcement.

Now, you are seeing some things out there that there's more of this ratcheting up. However, one of the things that it is just, the perception is that it isn't really being enforced. Audits are occurring, but many feel that they're just not very effective in what they're doing. And the one thing that the HITECH Act had talked about was that if you have willful neglect, and they have prosecuted some of these, you will be penalized, but it is set up on a case-by-case

basis. The fines will range anywhere from 250,000 to 1.5 million, uh, depending upon how willfully neglectful you are. So that's a lot of cash, and you're really not focused on this. And if you're a CISSP going to work for a health insurer or a health company and you're dealing with HITECH, you better understand how you're protecting these people's information because it...

Again, I come back to this, if, if you're not being audited and penalized now, it, it will [00:09:00] be, it's just a matter of time. It's, it's just a matter of time before there's a big breach or something large that happens, and then there will be a knee jerk reaction to then enforce these audits if they're not already being done. 

So the best thing to do is to work, to strive to get towards compliance on these as best as you can, just because the simple fact of it is that you're gonna have to deal with it at some point, and it's only gonna get worse as we get more and more cyber breaches that occur within every career, whether it's in the health industry or whether it's in manufacturing, whatever it might be.

Now, HITECH also had a breach notification, and this breach notification is similar to others that you deal with, PII disclosure. Now, HITECH requires patients to be notified of any unsecured breach. You see this a lot in pretty much anything out there that deals with these unsecured breaches.

But if it's got 500-plus patients, then Health and Human Services must be notified of this situation also. And to include that, your state privacy officers would need to be notified as well. [00:10:00] So now you're not just involving the individuals that are involved, the 500-plus people; there's HHS, and you're notifying the state privacy officers of the state that they resided in.

Now, if you are a large hospital, there's a really good chance that you could have multiple states involved. So then you gotta deal with multiple lawsuits. So the fine is just one aspect of it. So 250 grand to 1.5 million is the fine from HHS, from Health and Human Services, but now you get into lawsuits for loss of their privacy information or their

data, and that can go up and be millions as well. So it really behooves you to pay attention to this stuff and to strive to deal with trying to protect the data. And I've also mentioned this before, when it comes to these compliance aspects, and again, I am not a lawyer, so do not take this as legal advice, but...

One thing that I would say is if you do everything in your power to protect information, and we all know that people's data will still get breached from time to time, it still will happen. But if you've done [00:11:00] everything you can to protect your data and put it in, in respect to what is defined within the HITECH Act, then you are in a much better, more defensible position in the event of a breach.

Still doesn't mean you're not gonna get fined, and it still doesn't mean you're not gonna get sued by customers. However, you're in a much more defensible position than if you just say, eh, I'm not gonna worry about it. It's not being audited, nobody's caring about it. Nah, we'll just keep moving on. That is not a good place to be.

So just keep that in your back pocket. Again, not a lawyer, not the one that can tell you what to do, but it's just from what I've seen in this space, in this world, that doing those things and that due diligence goes a long way, especially with courts. They also talked about breach. Patients need a first-class mailing, and then there must basically be a resolution to the issue, and it must specify specifically what did you do to fix it.

Are you putting them on some sort of, oh, what do they call that? I can't even think of the name of it. Where you're dealing with the, uh, identity theft protection, those kind of things. Are you dealing with that? Are you putting people in there, protecting their data through, uh, [00:12:00] Experian or one of those?

And then if you have possible credit monitoring services that you may offer to them, all of those things, they're gonna ask, what did you do to resolve the challenge that occurred because of the breach? Okay. That's all I've got for this cybersecurity integration. Let's move on to the training. Okay, this is under the CISSP Domain 1, Security and Risk Management.

The topic on this one is determining compliance requirements. All right. As we all know, compliance is a huge aspect as it relates to cybersecurity and the CISSP. So 1.3 of the CISSP training manual that you'll get through ISC² kind of talks a little bit about compliance requirements and some of the things you need to be considering about that.

And one of the topics is determining compliance requirements. So let's kind of roll into a little bit about this and see what we can kind of dig into. But basically there's an overview. It's the act of conforming or adhering to rules, policies, regulations, standards, or requirements. And basically, you must comply [00:13:00] with these things.

And I kind of talk about, there's a couple different areas. There's big C compliance and little c compliance. Well, when you're dealing with this big C compliance, this means you must follow rules, policies, regulations, standards, or requirements. And I deal with this on a daily basis. If you're a cybersecurity professional, this is something that is near and dear to your heart and you must deal with it

all the time. Now, employees need to be trained on their responsibility around complying with applicable laws and the regulations. And you need to make sure that you teach people this. And as it relates to cybersecurity, in the past it's always been compliance does one thing, cybersecurity does another, cuz we're under IT.

That is not the case at all. I deal with our compliance folks all the time. I mean, almost on a daily basis. And it's because now, especially now with cybersecurity rolling into every space of the world and from privacy to data protection, you name it, it's all over that. You got GDPR, you got China cyber laws, you got privacy laws that are in Singapore.

They're all over the place, so you're gonna have to deal with these. Now [00:14:00] you got states that all have different laws that are involved, and so you get called in on a routine basis to kind of go over, what do you think about that? I mean, and just to be honest, I've got emails in my inbox right now to talk about those specific issues.

So those are things you need to consider, and it's very important in your overall security governance to understand these pieces. Now, as an example, you got PCI DSS. Now there's extensive training available and required that you have to do when you're dealing with PCI DSS, and I've also got on Reduced Cyber Risk

some more training that's available for you on the PCI aspects that, uh, kind of go over that specifically and some specific training around it. But there's 12 main requirements. There's firewall configurations, there's, you need to avoid vendor-supplied default passwords, that's a big one.

Encrypt transmissions between locations. And we'll talk in future podcasts around some different kinds of transmission protocols and encryption. Uh, restrict access on card data to only the people that need to know, not the guy you hired for the summer that's gonna [00:15:00] be surfing the web on the computer that holds all the information.

Not a good idea, just don't do that. And then there's many, many others, obviously. But bottom line is there's some key things that you must maintain when you're trying to get PCI DSS certified. And so as a vendor, or as an individual who has a credit card at their location, you're gonna have to make sure that these things are set in place.

Now, there's different PCI criteria that are available for you that, depending upon what your company does, you'll have to follow. But bottom line is that you need to maintain these. And so therefore, as a cybersecurity professional, you need to make sure you're in compliance with that specific regulation and that rule.

Now, when we're dealing with contractual, legal, and industrial standards, this is kind of an objective that's on the CISSP, and privacy has been and continues to grow as a hot topic within the United States, and we see this all over the United States, especially in California, and I'm seeing it in Massachusetts, but you're also seeing it in

[00:16:00] states that don't typically follow the California, Massachusetts type of timeline where, you know, those are the key drivers. The key ones that many people use to guide their direction around cybersecurity are actually around privacy. And there's many other states now that are adopting this piece.

Countries are addressing this as the digital age continues to grow, and you have China, US, EU, and this will vary from country to country. And I've also noticed, like even within China, the country may say one thing, but even the provinces have a different perspective of what the country is saying. So you've got that dynamic to deal with as well.

You have US privacy laws and there is the Fourth Amendment of the US Constitution, and this kind of talks about this, and this was, again, obviously the Constitution was done in 19, or in 1770. I think it was 78 is when the actual Constitution was done up. Alright. I think I screwed that up.

Probably. There'll probably be somebody that'll let me know. No, the Constitution was done in 1786 and 22 9. It's, I think it was two years after it was actually ratified, or actually the signers signed the, uh, yeah. What did they [00:17:00] sign? I'm blowing it. Sorry. It's quite early here in Kansas, and so I'm half asleep as we're doing this.

But it's a right for the people to secure their persons, their houses, their papers and effects against unreasonable searches and seizures, and shall not be violated. And this was designed in the United States around the king, the United Kingdom and, uh, England coming in, their soldiers doing unlawful searches and seizures and just basically ransacking the place, trying to find what they want and what they could about you.

And no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons and things to be seized. Bottom line is you can't go in and just grab people's stuff, and you gotta have a warrant to say that you're gonna do it.

That's the United States. I don't know how that is in the country where you're listening to this, but hopefully you have something similar to that. Bottom line is though, the US Constitution spells it out, so you can pull that out when someone tries to do it. Changes to the amendment have included what we call wiretapping, to include

now it moved into the, it wasn't [00:18:00] the digital age cuz wiretapping's been around right after, obviously in the early 1900s is when that started all coming to be. And these, uh, laws are woefully inadequate in some cases. They're actually getting better over time, but I think in many cases they've had to try to keep up with the digital transformation, which is extremely hard and challenging.

The Privacy Act of 1974, the federal government, this is where they deal with private information about individual citizens and it puts limits, thank goodness, on what the government can do. Now, it doesn't mean that they're actually following it. You would love to say they are, but there's lots of wiggle room in legal language and so therefore they

do these things, and this is kind of also where the Patriot Act came into play, and we'll talk about that later on. But it allowed them to usurp some of these privacy laws that are in place, and they had to go back and get it reaffirmed every year. But that's a whole different animal.

This only applies to government agencies in this case here. So when you're dealing with privacy, it comes down to [00:19:00] that only government agencies will be able to limit that about individual citizens and what they can actually do. Now, the exceptions are health and safety, census, law enforcement, court orders, and national archives.

And again, those could be tweaked a bit to help the government get what they want. But bottom line is those are the main exceptions to the Privacy Act of 1974. Now the Electronic Privacy Act, this basically came out in 1986, which is kind of more my generation and yeah, that just dated me.

I'm like really, really old. It's basically, it was designed around invading the privacy, the electronic privacy of an individual. It's a crime to do that, and so therefore they wanted to put this in place, and it helped broaden the Federal Wiretap Act that had been put in place in the early, I think it was in the fifties, fifties or sixties, they put that in place.

I'm probably wrong on that as well. But it prohibited the interception of electronic communication. So they just couldn't go out and start sucking down information about you as it related to proper warrants. [00:20:00] Right. And it's illegal to tap into mobile phone conversations.

Now that has changed a lot. And this is from 1986, from when I had this big old bag phone that I put in my car with an antenna. It was just, it was tied to a wire. That's come a long way since then. Now everybody has mobile phones and, I still say, walking through India, you know, they got 1.4 billion people and everybody is on a phone.

Everybody's got their head down walking on a phone. It just blows my mind. And that's kind of what cellular technology's done: it's helped expand these networks to places where typically you didn't have phone coverage, and now everybody does. It's connected the world even more.

Communications Assistance for Law Enforcement, this act is from 1994, and it allows for communication carriers to allow for wiretaps. Now, that's where this came into play, where you could actually get into mobile phone conversations as of 1994. And hence that's why, because now they went from bag phones to everybody has a cell phone.

Now the Economic Espionage [00:21:00] Act of 1996, this extends the definition of personal property into electronic property. So now, again, you're getting out of this whole physical data, or I have a check now for a bank, I now have an electronic Apple Pay account. So it's going from personal property into electronic property.

The Health Insurance Portability, HIPAA, that was set up in 1996. This is privacy and security regulations incorporated into the law. These are specifically set up as they were set up in that law. And then we get into HITECH, which we talked about earlier, and this is the Health Information Technology for Economic and Clinical Health

Act of 2009. And this was also to help update the HIPAA privacy and security requirements as it relates to what's in place. And it deals with the technology, the ePHI, as we had talked about before. And the bottom line is it comes down to breach notification. Again, over 500 individuals, you have to notify HHS and then also the state privacy officers as well.

Some other notable mentions around this would be COPPA, and this is a [00:22:00] big one as it relates to taking care of kids online. This is the Children's Online Privacy Protection Act of 1998, and this is basically online privacy for children, and there's the Gramm-Leach-Bliley Act of 1999. This is, uh, the financial restrictions between institutions and allows more communication between them.

One thing I wanted to come back with, COPPA. That's actually a really good thing that they've finally put in place for that. And it helps put a little bit of restrictions around what you can show children and what you can't. I would say that in some cases they're kind of pushing the envelope on some of that a little bit.

And again, that comes down to what some people believe, but as data becomes more and more open and available, you really gotta watch what's out there for these kids. Cuz some of this stuff is pretty... no, it's not so good. It's not so good. US Patriot Act, talked about that, of 2001. That was a result or a resolution of 9/11 that had hit the New York Trade Centers and took those out.

And it basically allows for blanket authority to monitor a person. Now it's set to expire in 2019 unless it's reviewed by Congress, and it has been reviewed over the past. [00:23:00] I mean, it's every year they have to reaffirm it, or every two years, and they have to reinstate this. Again, I think at this point in time, it's interesting to see.

It's one of those things like taxes: once you set up a certain amount of taxes and you pay taxes, it's really hard to revoke those taxes, and in many cases they don't ever go away. They always just stay there and you end up making more money to offset the cost of those taxes. Same thing comes into place around this with

the Patriot Act. Congress doesn't wanna lose their control, and so it'll be interesting to see what happens with it. I think people are finally getting fed up from a privacy standpoint that, you know, you're protecting us from the bad guy, whoever the quote-unquote bad guy is, uh, of the day. But at the end of it, what do you lose from a privacy standpoint, which is very different than some other countries that don't necessarily care so much.

But I would say here in the United States, it's becoming more of a moral problem. At least with me, I'm not a big fan of it. I'm former military and I'm all for having the government have control in some cases to help protect the citizens. But it needs to be, uh, [00:24:00] structured and limited. Cuz at some point then it becomes ultimate power, and that's just not a good thing.

So you gotta kinda watch that and put checks and balances on that. On the Family Educational Rights and Privacy Act, this is for parents and students, with the rights, with educational institutions. So this is how you set this up with educational institutions, that they manage the rights of your students. And then the Identity Theft and Assumption Deterrence Act.

Lots of these. There's lots of bills, lots of laws. Severe criminal penalties for identity theft. So this kind of falls in line with when you deal with identity theft, someone steals your stuff, they get nailed with multiple things. They'll get nailed with wiretap, they'll get nailed with money fraud,

with money laundering. They'll get nailed with, in this case, your identity theft, and this could be a $250,000 fine up to 15 years in prison term. So there's a lot of things that can get added for doing this identity theft stuff. That's why, again, the upside might be good, you might think it is, you get sort of short-term cash and you can be living large for a while.

But the downside is you gotta break big rocks into little rocks, and that's just not a good thing. [00:25:00] So there's the issues as it deals with the Identity Theft and Assumption Deterrence Act. Okay, so that's all I have for the CISSP training. Let's roll right into the exam questions. All right. These exam questions are over Domain 1.

All right. Here's a question. Preventative controls, okay. Authorize the president to designate those items that shall be considered as defense articles and defense services, and control their import and export. All right, so, what does that mean? What that basically means is that this is true, because there are controls in place that the government can put in place that give the president the ability to put in restrictions around what can and cannot be imported and exported.

Now, the Arms Control Act of 1976 does this. This gives the president of the United States the authority to control import and export of defense articles and defense services. Typically where this gets called into play is [00:26:00] cryptography, and so therefore various cryptography and/or cryptographic technology can be limited based on import/export laws.

In the past, this has been seen where we used to have the Cray supercomputer, which in today's world is probably old school, but you could only export certain technologies, and that even went against the UK. I know they didn't have all the technology that could potentially be sent to the United Kingdom, and so the president of the United States can authorize that.

Now, that goes both ways, right? Other countries do the same thing to the United States for import/export. I know Israel has a lot of stuff that they make specifically internally to them that they do export and sell, but I know they keep back some of the things that are specific to their country.

So those are aspects around it that you'll understand from the CISSP question. It's the Arms Export Control Act of 1976: anything that might be used from a defense standpoint for military [00:27:00] purposes can be limited. All right, another question is: vulnerabilities and risks that are evaluated based on their own threats against which of the following?

Okay, so we have A, one or more of the CIA Triad principles; B, data usefulness; C, due care; and D, extent of liability. All right. The answer is, dun dun dun, one or more of the CIA Triad principles. All right, so when you're focusing on vulnerabilities and risks that are evaluated, what do you do against them?

You focus them on the CIA, which is confidentiality, integrity, and availability. How do they affect each of those three? That will then determine how you want to deal with that specific threat. So therefore, when you're evaluating it, you focus on the CIA triangle, and it really comes back to that.

If you can focus on those three things, how does it affect confidentiality? How does it affect integrity of the data and how does it affect availability of the data? Those are all very important pieces that you need to keep in mind. Thanks so [00:28:00] much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. 

Also, check out my videos that are on YouTube. Just head to my channel, CISSP Cyber Training, and you will find a plethora of content to help you pass the CISSP exam the first time. Lastly, head to CISSPCyberTraining.com and look for the free stuff that is only available to our email subscribers.

Thanks again for listening. 
