CISSP (Certified Information Systems Security Professional) Exam Guide
The **CISSP**, administered by ISC2, is a widely recognized certification for experienced security practitioners and security leaders. It validates a broad understanding of information security management, risk management, and security architecture across the eight domains of the ISC2 Common Body of Knowledge. It is frequently requested for CISO and Security Architect roles.
What is the primary goal of risk management according to CISSP?
Answer : To identify, assess, and treat risk so that the residual risk stays at a level the organization is willing to accept (its risk tolerance).
The goal is not to eliminate all risk, which is impossible, but to manage it: each identified risk is mitigated, transferred, avoided, or accepted, and the acceptance decision is made by management, not by the security team alone.
What are the three pillars of the CIA triad?
Answer : Confidentiality, Integrity, and Availability.
These are the foundation of any security strategy: confidentiality prevents unauthorized disclosure of data, integrity ensures data is not altered or destroyed without authorization, and availability ensures that authorized users can reach systems and data when they need them.
What is Multi-Factor Authentication (MFA)?
Answer : An authentication method that requires two or more factors from distinct categories (e.g., a password plus a one-time code from an authenticator app or an SMS message).
The factors fall into three categories: something you know (password, PIN), something you have (hardware token, phone, authenticator app), and something you are (fingerprint, face). Two credentials from the same category, such as a password and a security question, do not count as MFA. SMS codes are a possession factor but the weakest one, since they can be intercepted or redirected through SIM swapping.
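A worked example, added here and not part of the original guide, of what the "distinct categories" rule means in code: a login check that combines a knowledge factor (salted, stretched password hash) with a possession factor (a time-based one-time code per RFC 6238, built on HOTP per RFC 4226) and only succeeds when the verified factors span at least two categories. The sample user record, salt and password are constructed for the example; the TOTP secret is the published RFC 4226/6238 test-vector key. Everything uses the Python standard library.

```python
import hashlib
import hmac
import struct

# Factor categories used by the combining logic below.
KNOWLEDGE = "something you know"
POSSESSION = "something you have"
INHERENCE = "something you are"


# --- Factor 1: something you know (salted, stretched password hash) ---------
def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256; the iteration count slows offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt), expected)


# --- Factor 2: something you have (TOTP, RFC 6238, on top of HOTP, RFC 4226) -
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter derived from the current 30-second step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6) -> bool:
    """Accept the current step plus `window` steps either side for clock drift."""
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(secret, counter + d, digits), code)
               for d in range(-window, window + 1))


# --- Combining factors: MFA means distinct categories, not just two checks ---
def authenticate(record: dict, presented: list, unix_time: int) -> bool:
    """`presented` is a list of (category, credential) pairs.

    Returns True only if every presented credential verifies AND the verified
    credentials cover at least two distinct factor categories. Two passwords
    therefore fail even when both are correct.
    """
    categories = set()
    for category, credential in presented:
        if category == KNOWLEDGE:
            ok = verify_password(credential, record["salt"], record["pw_hash"])
        elif category == POSSESSION:
            ok = verify_totp(record["totp_secret"], credential, unix_time)
        else:
            ok = False  # no biometric verifier in this example
        if not ok:
            return False
        categories.add(category)
    return len(categories) >= 2


# Constructed sample user (hypothetical). The TOTP secret is the RFC 4226/6238
# test-vector key, so the codes it produces match the published vectors.
SALT = b"constructed-salt-0001"
USER = {
    "salt": SALT,
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the run is reproducible
    code = totp(USER["totp_secret"], now)
    print("password + TOTP:", authenticate(USER, [(KNOWLEDGE, "correct horse battery staple"), (POSSESSION, code)], now))
    print("password only  :", authenticate(USER, [(KNOWLEDGE, "correct horse battery staple")], now))
```

In a real deployment the TOTP verifier must also remember the last counter it accepted for each user and refuse a code at or below it, otherwise a code captured within the drift window can be replayed.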
What is the role of the Data Custodian?
Answer : To handle data technically (storage, backups, access controls, retention) according to the classification and rules set by the Data Owner.
The owner, usually a business manager, decides how the data is classified and who may access it, and remains accountable for it; the custodian, typically IT staff, implements those decisions technically but does not set policy.
What is the difference between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)?
Answer : BCP keeps critical business functions running during and after a disruption, while DRP covers the technical restoration of IT systems and data after a disaster.
DRP is a technical subset of the overall BCP: the BCP identifies which functions are critical and sets their recovery objectives (RTO and RPO), and the DRP specifies how the supporting systems are restored to meet them.