The following Canons are shown in the priority that they should be followed. To become a CISSP you must adhere to Ethical actions. Before taking the CISSP exam you must sign and agree to the code of ethics of the (ISC)2 organization.
(ISC)2 CODE OF ETHICS CANONS

Do no harm. Protect society, the commonwealth, and the infrastructure.
Act [...]

Continue reading...

Security Policies in an organization’s security system are divided into two broad categories:
1. Management’s Security Policy (or Organizational Policy)
This is the high level security policy of the whole organization. It provides management’s security goals and objectives in writing. It documents compliance and creates a security culture within the company. It establishes also the security activity/function, and [...]

Continue reading...

In Quantitative Risk Analysis, we try to translate every information asset element into monetary value. There are three steps in Quantitative Risk Analysis:

Determine Single Loss Expectancy (SLE):
Single Loss Expectancy is a measure of the money loss that an information asset will suffer due to the activation of a threat.
SLE = Asset Value ($) x Exposure Factor [...]

Continue reading...

Viruses are generally distinguished by the way they spread and propagate or the target they attack. The following virus types do not necessarily indicate a strict division. A file infector for example may also be a system infector. A script virus that infects other script files may be considered also to be a file inspector. [...]

Continue reading...

Cisco ASA Firewalls (ASA 5500 series) offer several ways for remote administration and management of the devices such as SSH access, Telnet access, and Web HTTP access. The last one (HTTP access) makes use of the ASDM (Adaptive Security Device Manager) which is a powerful graphical application for administration and management of the firewall device. [...]

Continue reading...