
ISC2 CC Domain 1 – Security Principles Notes and Summary

In this blog post, I am sharing a summary of ISC2 CC Exam Module 1 – Security Principles.

I have successfully trained 100+ people for the CC Exam 1:1 so far, and now I am sharing this blueprint of security principles, which will act as a resource.

In this Post, you can find:

  1. Articles related to this module
  2. ISC2 CC Guide (This Post)
  3. Case Studies
  4. Vocab List
  5. Resources

I highly recommend that you bookmark this webpage and share it with CC test takers.

Also check out the ISC2 CC Training Page. Let’s get into it.

The ISC2 CC (Certified in Cybersecurity) exam has 5 domains:

  1. Security Principles
  2. Incident Response, Business Continuity and Disaster Recovery
  3. Access Controls
  4. Network Security
  5. Security Operations

Here, I am summarizing Domain 1. You can save this web page for ISC2 CC prep and share it with fellow test takers.

Also, you can check out my personal ISC2 CC exam prep strategy and my experience writing it at the center.

ISC2 Domain 1 Security Principles Summary

ISC2 breaks Domain 1 down into these topics:

  1. CIA Triad
  2. Authentication
  3. Non-Repudiation
  4. Information Assurance
  5. Privacy
  6. Elements of Cyber Attack
  7. Risk Management
  8. Security Governance
  9. Security Controls
  10. ISC2 Code of Ethics

I am writing the summary of these topics so that it becomes a handy resource for you when you appear for the CC Examination.

CIA Triad

One of the foundational concepts of cybersecurity is a set of three core pillars: Confidentiality, Availability, and Integrity. The CIA Triad is a fundamental pillar of cybersecurity and information security. Everything in real-world industry is modeled on the CIA pillars.

Confidentiality – The pillar of security under which information or data must be protected so that it cannot be stolen. The goal of confidentiality is to prevent unauthorized access.

Cyber criminals can compromise confidentiality by accessing data they are not authorized to access. In the CybernomadTV scenario, I must protect my login credentials to protect my website from unauthorized access.

Integrity – Integrity means that data is in its original form and has not been altered or changed. Altered data is quite dangerous in real-time scenarios, as things can get quite critical.

Information must be protected from the wrong hands. We must secure its originality and authenticity.

One Example could include

Availability – All systems must run 24/7 to provide essential services to users. A data centre needs to run 24/7 with 100% uptime to serve essential services like compute, storage, databases and applications. Threat actors often perform DDoS attacks on systems to hamper their availability.

Taking this website as the scenario, I need to ensure my website is running 24/7 so that users can visit it and access blog posts and other services. Hence, my web hosting provider (Kinsta) needs to be up and running 365 days and must claim 99.9% uptime as defined in their SLA.

Other examples – telecom providers, ISPs and cloud services (AWS, Azure and GCP), all of which must ensure availability.

Authentication

Authentication is the method by which systems verify that a user who is requesting access to a resource really is who they claim to be. In simple terms, when you log in to your Google account or Windows machine, the system is authenticating you before it lets you access your account.

In the CybernomadTV example, I need to log in to my hosting panel, and I enter my credentials to get access to the dashboard.

When I enter the hosting credentials, the system needs to authenticate and verify them so that I am granted successful access to the resource.

In practice, many methods are used to perform authentication. In web-based applications, programs, or systems that require a user login, authentication is a two-step process, as I mentioned above in the example.

In theory and in practical use cases there are 3 types of authentication factors:

  1. Type 1 – Something you know – Password, PIN
  2. Type 2 – Something you have – Smart Card
  3. Type 3 – Something you are – Biometrics

Non-Repudiation

Inability to deny. In cryptography, a service that ensures the sender cannot deny a message was sent and the integrity of the message is intact, and the receiver cannot claim to have received a different message.

It is a system property where a user cannot deny their actions. For example, if I log in to my web server to access files, I must be accountable for the actions I take and cannot deny them when the audit trail is reviewed.

Network appliances like routers, switches and firewalls require authorized professionals to operate them, and there must be transparency in the configuration changes they make and verification of the actions they take, hence achieving the Integrity principle.
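
The cryptographic definition above, as an added example that is not part of the original post: a Lamport one-time signature, chosen here only because it needs nothing beyond the Python standard library (production systems use RSA, ECDSA or Ed25519, and a Lamport key pair may sign one message only). It is shown next to an HMAC to make the difference visible; the admin record and all names are constructed.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def bits(message: bytes):
    # The 256 bits of the message digest select which secrets get revealed.
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Private key: 256 pairs of random secrets. Public key: their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, message: bytes):
    # Reveal one secret per digest bit; only the private-key holder can do this.
    return [sk[i][bit] for i, bit in enumerate(bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    # Anyone holding the public key can verify; no secret is needed.
    return len(signature) == 256 and all(
        hmac.compare_digest(H(s), pk[i][bit])
        for (i, bit), s in zip(enumerate(bits(message)), signature))

def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    # Contrast: an HMAC proves integrity, but sender and receiver hold the same
    # key, so either could have produced the tag and the sender can deny it.
    return hmac.new(shared_key, message, hashlib.sha256).digest()

# Constructed sample: an administrator signs a configuration-change record.
ADMIN_SK, ADMIN_PK = keygen()
RECORD = b"admin01 changed firewall rule 12: allow tcp/443"
SIGNATURE = sign(ADMIN_SK, RECORD)
```

Because only the holder of `ADMIN_SK` could have produced `SIGNATURE`, the signer cannot deny the record, and because any change to `RECORD` makes `verify` fail, the receiver cannot present a different message as the signed one.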

Check Out these Articles:

Implementing Non-Repudiation
Professor Meyser 

Information Assurance

Information assurance, in simple terms, is the set of standard measures that protect information systems by achieving:

  1. Confidentiality
  2. Integrity
  3. Availability
  4. Authentication
  5. Non-Repudiation

The US Government’s definition of information assurance is:

“measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”

Privacy

Data privacy is a concept closely related to cybersecurity, as both deal with the handling of sensitive data. However, privacy refers to the handling of someone else’s personal data and often with the level of control and consent the individual should expect to have over their own personal data.

Personal data is your PII (Personally Identifiable Information).

There is also PHI, which stands for Protected Health Information. It must be protected by health care organizations, and in the USA it is protected under HIPAA (Health Insurance Portability and Accountability Act of 1996).

Privacy is closely associated with security because the same security controls that ensure the protection of data also contribute to ensuring the privacy of the data. Confidentiality, integrity, and availability all apply to privacy.

References – ISC2

Elements of a Typical Cyber Attack

Elements are the typical stages of a cyber attack or campaign. ISC2 gives only a generic, surface-level explanation; the typical elements include:

  1. Conducting Research
  2. Identifying Targets
  3. Exploiting Targets
  4. Doing Bad things

I would recommend that you learn the Cyber Kill Chain, which is exactly what the elements are.

Stages in Cyber Kill Chain Include:

  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control (C2)
  7. Actions on Objectives
